Warning: Permanently added '10.128.1.67' (ED25519) to the list of known hosts.
executing program
[   61.144964][ T3545] loop0: detected capacity change from 0 to 16
[   61.158031][ T3545] erofs: (device loop0): mounted with root inode @ nid 36.
[   61.184469][ T3545] ==================================================================
[   61.192581][ T3545] BUG: KASAN: use-after-free in z_erofs_transform_plain+0x375/0x470
[   61.200585][ T3545] Read of size 4096 at addr ffff8880761f0000 by task syz-executor338/3545
[   61.209165][ T3545] 
[   61.211483][ T3545] CPU: 1 PID: 3545 Comm: syz-executor338 Not tainted 6.1.77-syzkaller #0
[   61.219900][ T3545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   61.229951][ T3545] Call Trace:
[   61.233221][ T3545]  <TASK>
[   61.236149][ T3545]  dump_stack_lvl+0x1e3/0x2cb
[   61.240855][ T3545]  ? nf_tcp_handle_invalid+0x642/0x642
[   61.246325][ T3545]  ? panic+0x75d/0x75d
[   61.250402][ T3545]  ? _printk+0xd1/0x111
[   61.254570][ T3545]  ? __virt_addr_valid+0x17f/0x520
[   61.259694][ T3545]  ? __virt_addr_valid+0x17f/0x520
[   61.264819][ T3545]  print_report+0x15f/0x4f0
[   61.269333][ T3545]  ? __virt_addr_valid+0x17f/0x520
[   61.274454][ T3545]  ? __virt_addr_valid+0x17f/0x520
[   61.279569][ T3545]  ? __virt_addr_valid+0x44a/0x520
[   61.284687][ T3545]  ? __phys_addr+0xb6/0x170
[   61.289199][ T3545]  ? z_erofs_transform_plain+0x375/0x470
[   61.294865][ T3545]  kasan_report+0x136/0x160
[   61.299401][ T3545]  ? __mutex_lock+0x2f7/0xd80
[   61.304085][ T3545]  ? z_erofs_transform_plain+0x375/0x470
[   61.309735][ T3545]  kasan_check_range+0x27f/0x290
[   61.314675][ T3545]  ? z_erofs_transform_plain+0x375/0x470
[   61.320319][ T3545]  memcpy+0x25/0x60
[   61.324137][ T3545]  z_erofs_transform_plain+0x375/0x470
[   61.329609][ T3545]  z_erofs_decompress_queue+0x1aa0/0x2d50
[   61.335351][ T3545]  ? z_erofs_onlinepage_endio+0x280/0x280
[   61.341078][ T3545]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   61.347073][ T3545]  ? print_irqtrace_events+0x210/0x210
[   61.352572][ T3545]  ? z_erofs_decompressqueue_endio+0x570/0x570
[   61.358760][ T3545]  ? erofs_map_blocks+0x14d0/0x14d0
[   61.363975][ T3545]  ? folio_unlock+0x122/0x2f0
[   61.368671][ T3545]  z_erofs_runqueue+0x1a6e/0x1ca0
[   61.373721][ T3545]  ? z_erofs_do_read_page+0x3bd0/0x3bd0
[   61.379276][ T3545]  ? __lock_acquire+0x1f80/0x1f80
[   61.384335][ T3545]  ? z_erofs_pcluster_readmore+0x428/0x450
[   61.390153][ T3545]  z_erofs_read_folio+0x478/0x760
[   61.395188][ T3545]  ? z_erofs_rcu_callback+0x190/0x190
[   61.400576][ T3545]  ? down_read+0x825/0xa30
[   61.405000][ T3545]  ? filemap_get_read_batch+0x16f/0xc90
[   61.410547][ T3545]  ? filemap_get_read_batch+0xbce/0xc90
[   61.416101][ T3545]  filemap_read_folio+0x199/0x780
[   61.421131][ T3545]  ? inode_to_wb+0x150/0x150
[   61.425727][ T3545]  ? z_erofs_rcu_callback+0x190/0x190
[   61.431109][ T3545]  ? maybe_unlock_mmap_for_io+0x130/0x130
[   61.436834][ T3545]  filemap_read+0x1a13/0x31d0
[   61.441541][ T3545]  ? find_get_pages_range_tag+0x810/0x810
[   61.447263][ T3545]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   61.453270][ T3545]  ? generic_file_read_iter+0x90/0x540
[   61.458739][ T3545]  ? iov_iter_kvec+0x4a/0x1b0
[   61.463424][ T3545]  __kernel_read+0x41e/0x8a0
[   61.468043][ T3545]  ? rw_verify_area+0x1a0/0x1a0
[   61.472896][ T3545]  ? sha256_avx2_update+0x12f/0x1f0
[   61.478098][ T3545]  ? crypto_shash_update+0x1db/0x2a0
[   61.483396][ T3545]  ? crypto_shash_setkey+0x2b0/0x2b0
[   61.488694][ T3545]  integrity_kernel_read+0xac/0xf0
[   61.493811][ T3545]  ? integrity_inode_free+0x170/0x170
[   61.499199][ T3545]  ima_calc_file_hash+0xa57/0x1c00
[   61.504320][ T3545]  ? validate_chain+0x13ce/0x5950
[   61.509359][ T3545]  ? reacquire_held_locks+0x660/0x660
[   61.514749][ T3545]  ? ima_alloc_tfm+0x310/0x310
[   61.519534][ T3545]  ? erofs_getxattr+0x830/0x830
[   61.524395][ T3545]  ? erofs_getxattr+0xd1/0x830
[   61.529162][ T3545]  ? __might_sleep+0xb0/0xb0
[   61.533754][ T3545]  ? trace_raw_output_contention_end+0xd0/0xd0
[   61.539916][ T3545]  ima_collect_measurement+0x59a/0xc30
[   61.545385][ T3545]  ? trace_contention_end+0x61/0x170
[   61.550680][ T3545]  ? ima_get_action+0xa0/0xa0
[   61.555366][ T3545]  ? erofs_xattr_user_list+0xa0/0xa0
[   61.560662][ T3545]  process_measurement+0x135c/0x21b0
[   61.565956][ T3545]  ? tomoyo_check_open_permission+0x1f2/0x4c0
[   61.572040][ T3545]  ? ima_file_mmap+0x1c0/0x1c0
[   61.576811][ T3545]  ? tomoyo_check_open_permission+0x3aa/0x4c0
[   61.582880][ T3545]  ? tomoyo_check_open_permission+0x1f2/0x4c0
[   61.588958][ T3545]  ? apparmor_file_open+0x3e3/0x820
[   61.594166][ T3545]  ? aa_get_current_label+0x111/0x1d0
[   61.599550][ T3545]  ? apparmor_current_getsecid_subj+0xac/0x110
[   61.605713][ T3545]  ima_file_check+0xed/0x170
[   61.610315][ T3545]  ? do_dentry_open+0xc1d/0x10f0
[   61.615266][ T3545]  ? ima_bprm_check+0x2b0/0x2b0
[   61.620128][ T3545]  path_openat+0x2687/0x2e60
[   61.624735][ T3545]  ? do_filp_open+0x480/0x480
[   61.629425][ T3545]  do_filp_open+0x230/0x480
[   61.633936][ T3545]  ? vfs_tmpfile+0x4a0/0x4a0
[   61.638539][ T3545]  ? _raw_spin_unlock+0x24/0x40
[   61.643397][ T3545]  ? alloc_fd+0x59c/0x640
[   61.647730][ T3545]  do_sys_openat2+0x13b/0x500
[   61.652421][ T3545]  ? do_sys_open+0x220/0x220
[   61.657022][ T3545]  __x64_sys_open+0x221/0x270
[   61.661707][ T3545]  ? do_sys_openat2+0x500/0x500
[   61.666569][ T3545]  ? syscall_enter_from_user_mode+0x2e/0x220
[   61.672550][ T3545]  ? lockdep_hardirqs_on+0x94/0x130
[   61.677749][ T3545]  ? syscall_enter_from_user_mode+0x2e/0x220
[   61.683734][ T3545]  do_syscall_64+0x3d/0xb0
[   61.688170][ T3545]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   61.694072][ T3545] RIP: 0033:0x7f97a7073469
[   61.698486][ T3545] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   61.718096][ T3545] RSP: 002b:00007ffcb6545018 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   61.726522][ T3545] RAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f97a7073469
[   61.734494][ T3545] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[   61.742463][ T3545] RBP: 00007f97a70b50cc R08: 0000000000000171 R09: 00007f97a70b50cc
[   61.750435][ T3545] R10: 00007ffcb6544ee0 R11: 0000000000000246 R12: 00007ffcb65451c0
[   61.758410][ T3545] R13: 00007f97a70b50e5 R14: 0000000000000001 R15: 0000000000000001
[   61.766394][ T3545]  </TASK>
[   61.769411][ T3545] 
[   61.771729][ T3545] Allocated by task 3515:
[   61.776051][ T3545]  kasan_set_track+0x4b/0x70
[   61.780654][ T3545]  __kasan_slab_alloc+0x65/0x70
[   61.785510][ T3545]  slab_post_alloc_hook+0x52/0x3a0
[   61.790642][ T3545]  kmem_cache_alloc+0x10c/0x2d0
[   61.795497][ T3545]  getname_flags+0xb8/0x4f0
[   61.800006][ T3545]  __x64_sys_newfstatat+0x130/0x1e0
[   61.805210][ T3545]  do_syscall_64+0x3d/0xb0
[   61.809635][ T3545]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   61.815535][ T3545] 
[   61.817856][ T3545] Freed by task 3515:
[   61.821830][ T3545]  kasan_set_track+0x4b/0x70
[   61.826429][ T3545]  kasan_save_free_info+0x27/0x40
[   61.831454][ T3545]  ____kasan_slab_free+0xd6/0x120
[   61.836485][ T3545]  kmem_cache_free+0x292/0x510
[   61.841254][ T3545]  __x64_sys_newfstatat+0x15c/0x1e0
[   61.846465][ T3545]  do_syscall_64+0x3d/0xb0
[   61.850889][ T3545]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   61.856788][ T3545] 
[   61.859154][ T3545] The buggy address belongs to the object at ffff8880761f0000
[   61.859154][ T3545]  which belongs to the cache names_cache of size 4096
[   61.873294][ T3545] The buggy address is located 0 bytes inside of
[   61.873294][ T3545]  4096-byte region [ffff8880761f0000, ffff8880761f1000)
[   61.886480][ T3545] 
[   61.888801][ T3545] The buggy address belongs to the physical page:
[   61.895204][ T3545] page:ffffea0001d87c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x761f0
[   61.905357][ T3545] head:ffffea0001d87c00 order:3 compound_mapcount:0 compound_pincount:0
[   61.913681][ T3545] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   61.921670][ T3545] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888140009640
[   61.930258][ T3545] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[   61.938839][ T3545] page dumped because: kasan: bad access detected
[   61.945246][ T3545] page_owner tracks the page as allocated
[   61.950957][ T3545] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3515, tgid 3515 (cmp), ts 52937082069, free_ts 52880876935
[   61.971538][ T3545]  post_alloc_hook+0x18d/0x1b0
[   61.976310][ T3545]  get_page_from_freelist+0x31a1/0x3320
[   61.981865][ T3545]  __alloc_pages+0x28d/0x770
[   61.986455][ T3545]  alloc_slab_page+0x6a/0x150
[   61.991137][ T3545]  new_slab+0x84/0x2d0
[   61.995228][ T3545]  ___slab_alloc+0xc20/0x1270
[   61.999930][ T3545]  kmem_cache_alloc+0x1a5/0x2d0
[   62.004799][ T3545]  getname_flags+0xb8/0x4f0
[   62.009319][ T3545]  __x64_sys_newfstatat+0x130/0x1e0
[   62.014527][ T3545]  do_syscall_64+0x3d/0xb0
[   62.018953][ T3545]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   62.024850][ T3545] page last free stack trace:
[   62.029520][ T3545]  free_unref_page_prepare+0xf63/0x1120
[   62.035067][ T3545]  free_unref_page+0x33/0x3e0
[   62.039738][ T3545]  __unfreeze_partials+0x1b7/0x210
[   62.044854][ T3545]  put_cpu_partial+0x17b/0x250
[   62.049628][ T3545]  qlist_free_all+0x76/0xe0
[   62.054132][ T3545]  kasan_quarantine_reduce+0x156/0x170
[   62.059592][ T3545]  __kasan_slab_alloc+0x1f/0x70
[   62.064451][ T3545]  slab_post_alloc_hook+0x52/0x3a0
[   62.069571][ T3545]  kmem_cache_alloc+0x10c/0x2d0
[   62.074424][ T3545]  getname_flags+0xb8/0x4f0
[   62.078932][ T3545]  do_sys_openat2+0xd2/0x500
[   62.083539][ T3545]  __x64_sys_openat+0x243/0x290
[   62.088399][ T3545]  do_syscall_64+0x3d/0xb0
[   62.092822][ T3545]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   62.098719][ T3545] 
[   62.101037][ T3545] Memory state around the buggy address:
[   62.106676][ T3545]  ffff8880761eff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   62.114731][ T3545]  ffff8880761eff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   62.122791][ T3545] >ffff8880761f0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   62.130849][ T3545]                    ^
[   62.134910][ T3545]  ffff8880761f0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   62.142966][ T3545]  ffff8880761f0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   62.151020][ T3545] ==================================================================
[   62.159695][ T3545] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   62.166909][ T3545] CPU: 1 PID: 3545 Comm: syz-executor338 Not tainted 6.1.77-syzkaller #0
[   62.175345][ T3545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   62.185415][ T3545] Call Trace:
[   62.188743][ T3545]  <TASK>
[   62.191686][ T3545]  dump_stack_lvl+0x1e3/0x2cb
[   62.196387][ T3545]  ? nf_tcp_handle_invalid+0x642/0x642
[   62.201867][ T3545]  ? panic+0x75d/0x75d
[   62.205968][ T3545]  ? preempt_schedule_common+0xa6/0xd0
[   62.211466][ T3545]  ? vscnprintf+0x59/0x80
[   62.215800][ T3545]  panic+0x318/0x75d
[   62.219703][ T3545]  ? check_panic_on_warn+0x1d/0xa0
[   62.224834][ T3545]  ? memcpy_page_flushcache+0xfc/0xfc
[   62.230211][ T3545]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[   62.236202][ T3545]  ? _raw_spin_unlock+0x40/0x40
[   62.241054][ T3545]  ? print_report+0x4a3/0x4f0
[   62.245734][ T3545]  check_panic_on_warn+0x7e/0xa0
[   62.250687][ T3545]  ? z_erofs_transform_plain+0x375/0x470
[   62.256328][ T3545]  end_report+0x66/0x110
[   62.260577][ T3545]  kasan_report+0x143/0x160
[   62.265081][ T3545]  ? __mutex_lock+0x2f7/0xd80
[   62.269759][ T3545]  ? z_erofs_transform_plain+0x375/0x470
[   62.275399][ T3545]  kasan_check_range+0x27f/0x290
[   62.280338][ T3545]  ? z_erofs_transform_plain+0x375/0x470
[   62.285982][ T3545]  memcpy+0x25/0x60
[   62.289796][ T3545]  z_erofs_transform_plain+0x375/0x470
[   62.295268][ T3545]  z_erofs_decompress_queue+0x1aa0/0x2d50
[   62.301012][ T3545]  ? z_erofs_onlinepage_endio+0x280/0x280
[   62.306741][ T3545]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   62.312746][ T3545]  ? print_irqtrace_events+0x210/0x210
[   62.318223][ T3545]  ? z_erofs_decompressqueue_endio+0x570/0x570
[   62.324388][ T3545]  ? erofs_map_blocks+0x14d0/0x14d0
[   62.329592][ T3545]  ? folio_unlock+0x122/0x2f0
[   62.334284][ T3545]  z_erofs_runqueue+0x1a6e/0x1ca0
[   62.339329][ T3545]  ? z_erofs_do_read_page+0x3bd0/0x3bd0
[   62.344879][ T3545]  ? __lock_acquire+0x1f80/0x1f80
[   62.349924][ T3545]  ? z_erofs_pcluster_readmore+0x428/0x450
[   62.355738][ T3545]  z_erofs_read_folio+0x478/0x760
[   62.360777][ T3545]  ? z_erofs_rcu_callback+0x190/0x190
[   62.366164][ T3545]  ? down_read+0x825/0xa30
[   62.370584][ T3545]  ? filemap_get_read_batch+0x16f/0xc90
[   62.376132][ T3545]  ? filemap_get_read_batch+0xbce/0xc90
[   62.381686][ T3545]  filemap_read_folio+0x199/0x780
[   62.386712][ T3545]  ? inode_to_wb+0x150/0x150
[   62.391306][ T3545]  ? z_erofs_rcu_callback+0x190/0x190
[   62.396689][ T3545]  ? maybe_unlock_mmap_for_io+0x130/0x130
[   62.402418][ T3545]  filemap_read+0x1a13/0x31d0
[   62.407141][ T3545]  ? find_get_pages_range_tag+0x810/0x810
[   62.412862][ T3545]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[   62.418867][ T3545]  ? generic_file_read_iter+0x90/0x540
[   62.424330][ T3545]  ? iov_iter_kvec+0x4a/0x1b0
[   62.429014][ T3545]  __kernel_read+0x41e/0x8a0
[   62.433611][ T3545]  ? rw_verify_area+0x1a0/0x1a0
[   62.438468][ T3545]  ? sha256_avx2_update+0x12f/0x1f0
[   62.443691][ T3545]  ? crypto_shash_update+0x1db/0x2a0
[   62.448987][ T3545]  ? crypto_shash_setkey+0x2b0/0x2b0
[   62.454289][ T3545]  integrity_kernel_read+0xac/0xf0
[   62.459412][ T3545]  ? integrity_inode_free+0x170/0x170
[   62.464794][ T3545]  ima_calc_file_hash+0xa57/0x1c00
[   62.469918][ T3545]  ? validate_chain+0x13ce/0x5950
[   62.474958][ T3545]  ? reacquire_held_locks+0x660/0x660
[   62.480355][ T3545]  ? ima_alloc_tfm+0x310/0x310
[   62.485140][ T3545]  ? erofs_getxattr+0x830/0x830
[   62.490000][ T3545]  ? erofs_getxattr+0xd1/0x830
[   62.494769][ T3545]  ? __might_sleep+0xb0/0xb0
[   62.499361][ T3545]  ? trace_raw_output_contention_end+0xd0/0xd0
[   62.505547][ T3545]  ima_collect_measurement+0x59a/0xc30
[   62.511016][ T3545]  ? trace_contention_end+0x61/0x170
[   62.516319][ T3545]  ? ima_get_action+0xa0/0xa0
[   62.521000][ T3545]  ? erofs_xattr_user_list+0xa0/0xa0
[   62.526299][ T3545]  process_measurement+0x135c/0x21b0
[   62.531594][ T3545]  ? tomoyo_check_open_permission+0x1f2/0x4c0
[   62.537675][ T3545]  ? ima_file_mmap+0x1c0/0x1c0
[   62.542445][ T3545]  ? tomoyo_check_open_permission+0x3aa/0x4c0
[   62.548515][ T3545]  ? tomoyo_check_open_permission+0x1f2/0x4c0
[   62.554596][ T3545]  ? apparmor_file_open+0x3e3/0x820
[   62.559808][ T3545]  ? aa_get_current_label+0x111/0x1d0
[   62.565189][ T3545]  ? apparmor_current_getsecid_subj+0xac/0x110
[   62.571359][ T3545]  ima_file_check+0xed/0x170
[   62.575963][ T3545]  ? do_dentry_open+0xc1d/0x10f0
[   62.580915][ T3545]  ? ima_bprm_check+0x2b0/0x2b0
[   62.585776][ T3545]  path_openat+0x2687/0x2e60
[   62.590389][ T3545]  ? do_filp_open+0x480/0x480
[   62.595080][ T3545]  do_filp_open+0x230/0x480
[   62.599589][ T3545]  ? vfs_tmpfile+0x4a0/0x4a0
[   62.604191][ T3545]  ? _raw_spin_unlock+0x24/0x40
[   62.609058][ T3545]  ? alloc_fd+0x59c/0x640
[   62.613398][ T3545]  do_sys_openat2+0x13b/0x500
[   62.618085][ T3545]  ? do_sys_open+0x220/0x220
[   62.622689][ T3545]  __x64_sys_open+0x221/0x270
[   62.627380][ T3545]  ? do_sys_openat2+0x500/0x500
[   62.632245][ T3545]  ? syscall_enter_from_user_mode+0x2e/0x220
[   62.638233][ T3545]  ? lockdep_hardirqs_on+0x94/0x130
[   62.643437][ T3545]  ? syscall_enter_from_user_mode+0x2e/0x220
[   62.649422][ T3545]  do_syscall_64+0x3d/0xb0
[   62.653855][ T3545]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   62.659760][ T3545] RIP: 0033:0x7f97a7073469
[   62.664181][ T3545] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   62.683800][ T3545] RSP: 002b:00007ffcb6545018 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   62.692220][ T3545] RAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f97a7073469
[   62.700200][ T3545] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[   62.708176][ T3545] RBP: 00007f97a70b50cc R08: 0000000000000171 R09: 00007f97a70b50cc
[   62.716149][ T3545] R10: 00007ffcb6544ee0 R11: 0000000000000246 R12: 00007ffcb65451c0
[   62.724122][ T3545] R13: 00007f97a70b50e5 R14: 0000000000000001 R15: 0000000000000001
[   62.732102][ T3545]  </TASK>
[   62.735470][ T3545] Kernel Offset: disabled
[   62.739793][ T3545] Rebooting in 86400 seconds..