forked to background, child pid 3142
no interfaces have a carrier
[ 22.244840][ T3143] 8021q: adding VLAN 0 to HW filter on device bond0
[ 22.255554][ T3143] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 41.280073][ T3557] loop0: detected capacity change from 0 to 16
[ 41.292238][ T3557] erofs: (device loop0): mounted with root inode @ nid 36.
[ 41.315226][ T47] ==================================================================
[ 41.323324][ T47] BUG: KASAN: vmalloc-out-of-bounds in LZ4_decompress_safe_partial+0x102a/0x11a0
[ 41.332622][ T47] Read of size 2 at addr ffffc90000acf000 by task kworker/u5:0/47
[ 41.340860][ T47]
[ 41.343169][ T47] CPU: 0 PID: 47 Comm: kworker/u5:0 Not tainted 5.17.0-syzkaller-13993-g88e6c0207623 #0
[ 41.352872][ T47] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.363318][ T47] Workqueue: erofs_unzipd z_erofs_decompressqueue_work
[ 41.370159][ T47] Call Trace:
[ 41.373756][ T47]
[ 41.376670][ T47] dump_stack_lvl+0xcd/0x134
[ 41.381241][ T47] print_address_description.constprop.0.cold+0xf/0x495
[ 41.388190][ T47] ? LZ4_decompress_safe_partial+0x102a/0x11a0
[ 41.394335][ T47] kasan_report.cold+0xf4/0x1c6
[ 41.399253][ T47] ? LZ4_decompress_safe_partial+0x102a/0x11a0
[ 41.405384][ T47] LZ4_decompress_safe_partial+0x102a/0x11a0
[ 41.411346][ T47] z_erofs_lz4_decompress+0xda6/0x14a0
[ 41.416791][ T47] ? z_erofs_fixup_insize+0xb0/0xb0
[ 41.421972][ T47] z_erofs_decompress_pcluster.isra.0+0x1eac/0x3160
[ 41.428545][ T47] ? z_erofs_pcluster_readmore+0xa30/0xa30
[ 41.434333][ T47] ? ret_from_fork+0x1f/0x30
[ 41.438906][ T47] ? kernel_text_address+0xd/0x80
[ 41.443911][ T47] ? create_prof_cpu_mask+0x20/0x20
[ 41.449090][ T47] ? arch_stack_walk+0x7d/0xe0
[ 41.453834][ T47] ? ret_from_fork+0x1f/0x30
[ 41.458408][ T47] ? stack_trace_save+0x8c/0xc0
[ 41.463245][ T47] ? filter_irq_stacks+0x90/0x90
[ 41.468172][ T47] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 41.474393][ T47] ? _find_first_zero_bit+0x94/0xb0
[ 41.479594][ T47] ? add_lock_to_list.constprop.0+0x185/0x370
[ 41.485732][ T47] ? lockdep_unlock+0x11b/0x290
[ 41.490559][ T47] ? __lock_acquire+0x2589/0x56c0
[ 41.495564][ T47] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 41.501523][ T47] ? lock_downgrade+0x6e0/0x6e0
[ 41.506358][ T47] z_erofs_decompressqueue_work+0xe1/0x170
[ 41.512146][ T47] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 41.518189][ T47] ? z_erofs_decompress_pcluster.isra.0+0x3160/0x3160
[ 41.524953][ T47] process_one_work+0x996/0x1610
[ 41.529890][ T47] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 41.535256][ T47] ? try_to_del_timer_sync+0xbf/0x110
[ 41.540622][ T47] worker_thread+0x665/0x1080
[ 41.545291][ T47] ? process_one_work+0x1610/0x1610
[ 41.550474][ T47] kthread+0x2e9/0x3a0
[ 41.554525][ T47] ? kthread_complete_and_exit+0x40/0x40
[ 41.560234][ T47] ret_from_fork+0x1f/0x30
[ 41.564643][ T47]
[ 41.567641][ T47]
[ 41.569939][ T47] The buggy address belongs to the virtual mapping at
[ 41.569939][ T47] [ffffc90000ace000, ffffc90000ad0000) created by:
[ 41.569939][ T47] erofs_pcpubuf_growsize+0x2d5/0x590
[ 41.588328][ T47]
[ 41.590700][ T47] ------------[ cut here ]------------
[ 41.596133][ T47] kernel BUG at mm/vmalloc.c:660!
[ 41.601143][ T47] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 41.607188][ T47] CPU: 0 PID: 47 Comm: kworker/u5:0 Not tainted 5.17.0-syzkaller-13993-g88e6c0207623 #0
[ 41.616886][ T47] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.626927][ T47] Workqueue: erofs_unzipd z_erofs_decompressqueue_work
[ 41.633767][ T47] RIP: 0010:vmalloc_to_page+0x46e/0x4f0
[ 41.639301][ T47] Code: c1 ff 4d 31 fc 4d 21 f4 49 c1 ec 0c 4c 01 e3 49 bc 00 00 00 00 00 ea ff ff 48 c1 e3 06 49 01 dc e9 35 ff ff ff e8 92 75 c1 ff <0f> 0b e8 8b 75 c1 ff 0f 0b 45 31 e4 e9 1f ff ff ff e8 7c 75 c1 ff
[ 41.659314][ T47] RSP: 0018:ffffc90000b87518 EFLAGS: 00010093
[ 41.665365][ T47] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 41.673317][ T47] RDX: ffff8880184e8000 RSI: ffffffff81b7278e RDI: 0000000000000003
[ 41.681263][ T47] RBP: ffffffff8ba8e000 R08: 00001ffffffffffe R09: 0000000000000000
[ 41.689217][ T47] R10: ffffffff81b723a6 R11: 0000000000000000 R12: 0000370000000000
[ 41.697193][ T47] R13: 0000000000000000 R14: ffff8880184e8000 R15: 0000000000000282
[ 41.705151][ T47] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 41.714060][ T47] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.720619][ T47] CR2: 000055c8d14eab60 CR3: 000000002323b000 CR4: 0000000000350ef0
[ 41.728573][ T47] Call Trace:
[ 41.731833][ T47]
[ 41.734743][ T47] print_address_description.constprop.0.cold+0x2fc/0x495
[ 41.741843][ T47] ? LZ4_decompress_safe_partial+0x102a/0x11a0
[ 41.747978][ T47] kasan_report.cold+0xf4/0x1c6
[ 41.752815][ T47] ? LZ4_decompress_safe_partial+0x102a/0x11a0
[ 41.758953][ T47] LZ4_decompress_safe_partial+0x102a/0x11a0
[ 41.764929][ T47] z_erofs_lz4_decompress+0xda6/0x14a0
[ 41.770376][ T47] ? z_erofs_fixup_insize+0xb0/0xb0
[ 41.775580][ T47] z_erofs_decompress_pcluster.isra.0+0x1eac/0x3160
[ 41.782158][ T47] ? z_erofs_pcluster_readmore+0xa30/0xa30
[ 41.787953][ T47] ? ret_from_fork+0x1f/0x30
[ 41.792531][ T47] ? kernel_text_address+0xd/0x80
[ 41.797540][ T47] ? create_prof_cpu_mask+0x20/0x20
[ 41.802726][ T47] ? arch_stack_walk+0x7d/0xe0
[ 41.807474][ T47] ? ret_from_fork+0x1f/0x30
[ 41.812049][ T47] ? stack_trace_save+0x8c/0xc0
[ 41.816881][ T47] ? filter_irq_stacks+0x90/0x90
[ 41.821802][ T47] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 41.828026][ T47] ? _find_first_zero_bit+0x94/0xb0
[ 41.833210][ T47] ? add_lock_to_list.constprop.0+0x185/0x370
[ 41.839260][ T47] ? lockdep_unlock+0x11b/0x290
[ 41.844089][ T47] ? __lock_acquire+0x2589/0x56c0
[ 41.849106][ T47] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 41.855073][ T47] ? lock_downgrade+0x6e0/0x6e0
[ 41.859908][ T47] z_erofs_decompressqueue_work+0xe1/0x170
[ 41.865699][ T47] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 41.871666][ T47] ? z_erofs_decompress_pcluster.isra.0+0x3160/0x3160
[ 41.878418][ T47] process_one_work+0x996/0x1610
[ 41.883349][ T47] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 41.888701][ T47] ? try_to_del_timer_sync+0xbf/0x110
[ 41.894058][ T47] worker_thread+0x665/0x1080
[ 41.898721][ T47] ? process_one_work+0x1610/0x1610
[ 41.903899][ T47] kthread+0x2e9/0x3a0
[ 41.907950][ T47] ? kthread_complete_and_exit+0x40/0x40
[ 41.913559][ T47] ret_from_fork+0x1f/0x30
[ 41.917957][ T47]
[ 41.920951][ T47] Modules linked in:
[ 41.924823][ T47] ---[ end trace 0000000000000000 ]---
[ 41.930250][ T47] RIP: 0010:vmalloc_to_page+0x46e/0x4f0
[ 41.935784][ T47] Code: c1 ff 4d 31 fc 4d 21 f4 49 c1 ec 0c 4c 01 e3 49 bc 00 00 00 00 00 ea ff ff 48 c1 e3 06 49 01 dc e9 35 ff ff ff e8 92 75 c1 ff <0f> 0b e8 8b 75 c1 ff 0f 0b 45 31 e4 e9 1f ff ff ff e8 7c 75 c1 ff
[ 41.955380][ T47] RSP: 0018:ffffc90000b87518 EFLAGS: 00010093
[ 41.961429][ T47] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 41.969376][ T47] RDX: ffff8880184e8000 RSI: ffffffff81b7278e RDI: 0000000000000003
[ 41.977365][ T47] RBP: ffffffff8ba8e000 R08: 00001ffffffffffe R09: 0000000000000000
[ 41.985326][ T47] R10: ffffffff81b723a6 R11: 0000000000000000 R12: 0000370000000000
[ 41.993276][ T47] R13: 0000000000000000 R14: ffff8880184e8000 R15: 0000000000000282
[ 42.001223][ T47] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 42.010126][ T47] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.016693][ T47] CR2: 000055c8d14eab60 CR3: 000000002323b000 CR4: 0000000000350ef0
[ 42.024643][ T47] Kernel panic - not syncing: Fatal exception
[ 42.031379][ T47] Kernel Offset: disabled
[ 42.035689][ T47] Rebooting in 86400 seconds..