[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts.
2021/03/23 17:38:01 parsed 1 programs
2021/03/23 17:38:01 executed programs: 0
syzkaller login: [ 38.405631] IPVS: ftp: loaded support on port[0] = 21
[ 38.517964] chnl_net:caif_netlink_parms(): no params data found
[ 38.578474] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.586089] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.593741] device bridge_slave_0 entered promiscuous mode
[ 38.602663] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.609055] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.616774] device bridge_slave_1 entered promiscuous mode
[ 38.634442] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 38.643413] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 38.662384] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 38.670176] team0: Port device team_slave_0 added
[ 38.676021] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 38.683649] team0: Port device team_slave_1 added
[ 38.700022] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 38.706360] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 38.731743] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 38.743576] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 38.749822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 38.775102] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 38.785764] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 38.793583] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 38.814050] device hsr_slave_0 entered promiscuous mode
[ 38.820371] device hsr_slave_1 entered promiscuous mode
[ 38.827822] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 38.835195] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 38.902608] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.909226] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.916259] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.922723] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.955051] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 38.961198] 8021q: adding VLAN 0 to HW filter on device bond0
[ 38.973120] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 38.981661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.991633] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.999304] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.007340] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 39.018506] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 39.025521] 8021q: adding VLAN 0 to HW filter on device team0
[ 39.035615] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.043595] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.050029] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.072389] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.080053] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.086487] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.098096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 39.106362] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 39.114185] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.123003] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 39.133377] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.144379] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 39.150756] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 39.163937] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 39.174494] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 39.181222] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 39.191472] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 39.205323] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 39.214894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.249615] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 39.257171] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 39.264804] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 39.274469] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.283625] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.290487] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.299925] device veth0_vlan entered promiscuous mode
[ 39.308870] device veth1_vlan entered promiscuous mode
[ 39.315166] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 39.323963] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 39.336135] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 39.345886] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 39.354070] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 39.361314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.371705] device veth0_macvtap entered promiscuous mode
[ 39.377906] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 39.387852] device veth1_macvtap entered promiscuous mode
[ 39.397162] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 39.406769] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 39.418421] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 39.426072] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.435241] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 39.445873] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 39.453403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.568505] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 39.576580] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 39.594728] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 39.602941] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 39.606732] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 39.610069] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 39.610804] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 39.633759] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 39.666420] erofs: read_super, device -> /dev/loop0
[ 39.672648] erofs: options ->
[ 39.677182] erofs: root inode @ nid 36
[ 39.684034] erofs: mounted on /dev/loop0 with opts: .
[ 39.697243] ------------[ cut here ]------------
[ 39.702158] kernel BUG at drivers/staging/erofs/unzip_vle.c:1562!
[ 39.708787] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 39.714176] CPU: 0 PID: 8354 Comm: syz-executor.0 Not tainted 4.19.182-syzkaller #0
[ 39.722085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.731450] RIP: 0010:z_erofs_map_blocks_iter+0x122e/0x1aa0
[ 39.737152] Code: 0f 95 c0 84 c1 0f 85 82 08 00 00 48 8b 04 24 8b 5b 04 44 8b 60 20 e9 77 fc ff ff 66 45 85 e4 0f 84 8c 01 00 00 e8 c2 c2 28 fb <0f> 0b e8 bb c2 28 fb 48 89 ef e8 43 d8 47 fb 48 8b 54 24 20 48 b8
[ 39.756142] RSP: 0018:ffff88809575f208 EFLAGS: 00010293
[ 39.761488] RAX: ffff8880abdc6100 RBX: ffff8880ae226778 RCX: ffffffff8639928b
[ 39.768740] RDX: 0000000000000000 RSI: ffffffff863997be RDI: 0000000000000003
[ 39.776015] RBP: ffff8880aa7bf2c0 R08: 0000000000000000 R09: 0000000000000002
[ 39.783283] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000003
[ 39.790539] R13: dffffc0000000000 R14: ffffea0002b88980 R15: 0000000000000480
[ 39.797798] FS: 0000000002ba1400(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 39.806002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.811889] CR2: 000055a719aba788 CR3: 000000009e3aa000 CR4: 00000000001406f0
[ 39.819143] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 39.826396] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 39.833663] Call Trace:
[ 39.836252] erofs_map_blocks_iter+0x6d/0x3b0
[ 39.841012] z_erofs_do_read_page+0x670/0x2820
[ 39.845594] ? z_erofs_vle_work_add_page+0x8b0/0x8b0
[ 39.850698] ? check_preemption_disabled+0x41/0x280
[ 39.855703] z_erofs_vle_normalaccess_readpage+0x136/0x460
[ 39.861418] ? z_erofs_submit_and_unzip.isra.0+0x1930/0x1930
[ 39.867204] ? add_to_page_cache_locked+0x40/0x40
[ 39.872048] do_read_cache_page+0x533/0x1170
[ 39.876529] ? check_preemption_disabled+0x41/0x280
[ 39.881528] ? z_erofs_submit_and_unzip.isra.0+0x1930/0x1930
[ 39.887319] erofs_namei+0x1ab/0x1740
[ 39.891139] ? check_preemption_disabled+0x41/0x280
[ 39.896140] erofs_lookup+0x143/0x500
[ 39.899924] ? erofs_namei+0x1740/0x1740
[ 39.903970] ? __lockdep_init_map+0x100/0x5a0
[ 39.908564] ? __lockdep_init_map+0x100/0x5a0
[ 39.913087] __lookup_slow+0x246/0x4a0
[ 39.916988] ? follow_dotdot_rcu+0x1040/0x1040
[ 39.921843] ? lookup_fast+0x4e9/0x1080
[ 39.925817] ? walk_component+0x798/0xda0
[ 39.929974] walk_component+0x7ac/0xda0
[ 39.933937] ? lookup_fast+0x1080/0x1080
[ 39.937999] ? walk_component+0xda0/0xda0
[ 39.942151] path_lookupat+0x1ff/0x8d0
[ 39.946072] ? path_mountpoint+0xac0/0xac0
[ 39.950307] ? futex_wake+0x159/0x480
[ 39.954618] filename_lookup+0x1ac/0x5a0
[ 39.958779] ? filename_parentat+0x590/0x590
[ 39.963521] ? __phys_addr_symbol+0x2c/0x70
[ 39.967831] ? __check_object_size+0x17b/0x3e0
[ 39.972438] ? getname_flags+0x25b/0x590
[ 39.976541] do_mount+0x147/0x2f10
[ 39.980261] ? kfree+0x110/0x210
[ 39.983639] ? task_work_run+0x11c/0x1c0
[ 39.987685] ? copy_mount_string+0x40/0x40
[ 39.992014] ? __close_fd+0x128/0x200
[ 39.995894] ? __se_sys_futex+0x28f/0x3b0
[ 40.000056] ? __se_sys_futex+0x298/0x3b0
[ 40.004198] ? copy_mount_options+0x26f/0x380
[ 40.008701] ksys_mount+0xcf/0x130
[ 40.012225] __x64_sys_mount+0xba/0x150
[ 40.016208] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 40.020774] do_syscall_64+0xf9/0x620
[ 40.024575] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.029755] RIP: 0033:0x466459
[ 40.032946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 40.052351] RSP: 002b:00007ffe0d7701c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 40.060042] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459
[ 40.067557] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000000
[ 40.074812] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000
[ 40.082324] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
[ 40.089624] R13: 00007ffe0d770360 R14: 000000000056bf60 R15: 0000000000009ae6
[ 40.096970] Modules linked in:
[ 40.101894] ---[ end trace 6df5107dd000687c ]---
[ 40.106696] RIP: 0010:z_erofs_map_blocks_iter+0x122e/0x1aa0
[ 40.113148] Code: 0f 95 c0 84 c1 0f 85 82 08 00 00 48 8b 04 24 8b 5b 04 44 8b 60 20 e9 77 fc ff ff 66 45 85 e4 0f 84 8c 01 00 00 e8 c2 c2 28 fb <0f> 0b e8 bb c2 28 fb 48 89 ef e8 43 d8 47 fb 48 8b 54 24 20 48 b8
[ 40.132685] RSP: 0018:ffff88809575f208 EFLAGS: 00010293
[ 40.138045] RAX: ffff8880abdc6100 RBX: ffff8880ae226778 RCX: ffffffff8639928b
[ 40.145977] RDX: 0000000000000000 RSI: ffffffff863997be RDI: 0000000000000003
[ 40.153318] RBP: ffff8880aa7bf2c0 R08: 0000000000000000 R09: 0000000000000002
[ 40.160588] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000003
[ 40.167886] R13: dffffc0000000000 R14: ffffea0002b88980 R15: 0000000000000480
[ 40.175210] FS: 0000000002ba1400(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 40.183830] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 40.190021] CR2: 000055a719aba788 CR3: 000000009e3aa000 CR4: 00000000001406f0
[ 40.197594] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 40.204928] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 40.212373] Kernel panic - not syncing: Fatal exception
[ 40.217786] Kernel Offset: disabled
[ 40.221402] Rebooting in 86400 seconds..