./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2222770158
<...>
Warning: Permanently added '10.128.0.72' (ED25519) to the list of known hosts.
execve("./syz-executor2222770158", ["./syz-executor2222770158"], 0x7ffec41ffd00 /* 10 vars */) = 0
brk(NULL) = 0x555557336000
brk(0x555557336d00) = 0x555557336d00
arch_prctl(ARCH_SET_FS, 0x555557336380) = 0
set_tid_address(0x555557336650) = 299
set_robust_list(0x555557336660, 24) = 0
rseq(0x555557336ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2222770158", 4096) = 28
getrandom("\x75\x6a\xb2\xe8\x65\x1c\x23\xd3", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555557336d00
brk(0x555557357d00) = 0x555557357d00
brk(0x555557358000) = 0x555557358000
mprotect(0x7fbd767dc000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.rSFuQ1", 0700) = 0
chmod("./syzkaller.rSFuQ1", 0777) = 0
chdir("./syzkaller.rSFuQ1") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557336650) = 301
./strace-static-x86_64: Process 301 attached
[pid 301] set_robust_list(0x555557336660, 24) = 0
[pid 301] chdir("./0") = 0
[pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 301] setpgid(0, 0) = 0
[pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 301] write(3, "1000", 4) = 4
[pid 301] close(3) = 0
[pid 301] symlink("/dev/binderfs", "./binderfs") = 0
[pid 301] memfd_create("syzkaller", 0) = 3
[pid 301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbd6e329000
[pid 301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8192) = 8192
[pid 301] munmap(0x7fbd6e329000, 8192) = 0
[pid 301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 301] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 301] close(3) = 0
[ 25.194696][ T28] audit: type=1400 audit(1692593764.680:66): avc: denied { execmem } for pid=299 comm="syz-executor222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 25.214263][ T28] audit: type=1400 audit(1692593764.680:67): avc: denied { read write } for pid=299 comm="syz-executor222" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 25.214647][ T301] loop0: detected capacity change from 0 to 16
[pid 301] mkdir("./file0", 0777) = 0
[pid 301] mount("/dev/loop0", "./file0", "erofs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_SILENT|MS_LAZYTIME, "") = 0
[pid 301] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 301] chdir("./file0") = 0
[pid 301] ioctl(4, LOOP_CLR_FD) = 0
[pid 301] close(4) = 0
[pid 301] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 301] write(4, "9", 1) = 1
[ 25.238575][ T28] audit: type=1400 audit(1692593764.680:68): avc: denied { open } for pid=299 comm="syz-executor222" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 25.246904][ T301] erofs: (device loop0): mounted with root inode @ nid 36.
[ 25.268221][ T28] audit: type=1400 audit(1692593764.680:69): avc: denied { ioctl } for pid=299 comm="syz-executor222" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 25.287004][ T301] erofs: (device loop0): z_erofs_pcluster_readmore: readmore error at page 0 @ nid 36
[ 25.300918][ T28] audit: type=1400 audit(1692593764.730:70): avc: denied { mounton } for pid=301 comm="syz-executor222" path="/root/syzkaller.rSFuQ1/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 25.312292][ T301] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 0 in[1, 1248] out[4095]
[pid 301] open("./file1", O_RDONLY) = -1 EUCLEAN (Structure needs cleaning)
[pid 301] exit_group(0) = ?
[pid 301] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=0, si_stime=11} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555573376f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555733f730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555733f730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x5555573376f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557336650) = 303
./strace-static-x86_64: Process 303 attached
[pid 303] set_robust_list(0x555557336660, 24) = 0
[pid 303] chdir("./1") = 0
[pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 303] setpgid(0, 0) = 0
[pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 303] write(3, "1000", 4) = 4
[pid 303] close(3) = 0
[pid 303] symlink("/dev/binderfs", "./binderfs") = 0
[pid 303] memfd_create("syzkaller", 0) = 3
[pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbd6e329000
[ 25.334087][ T28] audit: type=1400 audit(1692593764.760:71): avc: denied { mount } for pid=301 comm="syz-executor222" name="/" dev="loop0" ino=36 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 25.369315][ T301] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117]
[pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8192) = 8192
[pid 303] munmap(0x7fbd6e329000, 8192) = 0
[pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 303] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 303] close(3) = 0
[pid 303] mkdir("./file0", 0777) = 0
[pid 303] mount("/dev/loop0", "./file0", "erofs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_SILENT|MS_LAZYTIME, "") = 0
[pid 303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 303] chdir("./file0") = 0
[pid 303] ioctl(4, LOOP_CLR_FD) = 0
[pid 303] close(4) = 0
[pid 303] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 303] write(4, "9", 1) = 1
[ 25.385207][ T28] audit: type=1400 audit(1692593764.860:72): avc: denied { unmount } for pid=299 comm="syz-executor222" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 25.393795][ T303] loop0: detected capacity change from 0 to 16
[ 25.411641][ T303] erofs: (device loop0): mounted with root inode @ nid 36.
[ 25.419616][ T303] erofs: (device loop0): z_erofs_pcluster_readmore: readmore error at page 0 @ nid 36
[ 25.429135][ T303] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 0 in[1, 1248] out[4095]
[pid 303] open("./file1", O_RDONLY) = -1 EUCLEAN (Structure needs cleaning)
[pid 303] exit_group(0) = ?
[pid 303] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555573376f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555733f730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555733f730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x5555573376f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557336650) = 305
./strace-static-x86_64: Process 305 attached
[pid 305] set_robust_list(0x555557336660, 24) = 0
[pid 305] chdir("./2") = 0
[pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 305] setpgid(0, 0) = 0
[pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 305] write(3, "1000", 4) = 4
[pid 305] close(3) = 0
[pid 305] symlink("/dev/binderfs", "./binderfs") = 0
[pid 305] memfd_create("syzkaller", 0) = 3
[pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbd6e329000
[pid 305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8192) = 8192
[pid 305] munmap(0x7fbd6e329000, 8192) = 0
[pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 305] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 305] close(3) = 0
[pid 305] mkdir("./file0", 0777) = 0
[pid 305] mount("/dev/loop0", "./file0", "erofs", MS_NOSUID|MS_NOEXEC|MS_DIRSYNC|MS_SILENT|MS_LAZYTIME, "") = 0
[pid 305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 305] chdir("./file0") = 0
[pid 305] ioctl(4, LOOP_CLR_FD) = 0
[pid 305] close(4) = 0
[pid 305] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 305] write(4, "9", 1) = 1
[ 25.444347][ T303] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117]
[ 25.475115][ T305] loop0: detected capacity change from 0 to 16
[ 25.482122][ T305] erofs: (device loop0): mounted with root inode @ nid 36.
[ 25.490291][ T305] FAULT_INJECTION: forcing a failure.
[ 25.490291][ T305] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 25.503372][ T305] CPU: 0 PID: 305 Comm: syz-executor222 Not tainted 6.1.25-syzkaller-00052-gc2611a04b92f #0
[ 25.513181][ T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 25.523077][ T305] Call Trace:
[ 25.526201][ T305]
[ 25.528976][ T305] dump_stack_lvl+0x151/0x1b7
[ 25.533491][ T305] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 25.538790][ T305] ? kasan_set_track+0x60/0x70
[ 25.543385][ T305] dump_stack+0x15/0x17
[ 25.547376][ T305] should_fail_ex+0x3d0/0x520
[ 25.551891][ T305] should_fail_alloc_page+0x68/0x90
[ 25.556928][ T305] __alloc_pages+0x1f4/0x780
[ 25.561353][ T305] ? prep_new_page+0x110/0x110
[ 25.565952][ T305] __folio_alloc+0x15/0x40
[ 25.570207][ T305] do_read_cache_folio+0x1c8/0x3f0
[ 25.575156][ T305] ? blkdev_writepage+0x30/0x30
[ 25.579842][ T305] read_cache_folio+0x4e/0x70
[ 25.584351][ T305] erofs_bread+0x13b/0x480
[ 25.588603][ T305] erofs_read_metabuf+0x73/0x80
[ 25.593290][ T305] z_erofs_do_read_page+0x1658/0x3970
[ 25.598501][ T305] ? xas_create+0x1554/0x16e0
[ 25.603011][ T305] ? z_erofs_pcluster_readmore+0x510/0x510
[ 25.608652][ T305] ? z_erofs_pcluster_readmore+0x42d/0x510
[ 25.614295][ T305] z_erofs_read_folio+0x26c/0x610
[ 25.619154][ T305] ? xas_nomem+0x1c6/0x200
[ 25.623406][ T305] ? z_erofs_rcu_callback+0x1a0/0x1a0
[ 25.628618][ T305] ? workingset_activation+0x430/0x430
[ 25.633910][ T305] ? z_erofs_rcu_callback+0x1a0/0x1a0
[ 25.639123][ T305] filemap_read_folio+0xfc/0x2a0
[ 25.643891][ T305] ? maybe_unlock_mmap_for_io+0x1e0/0x1e0
[ 25.649444][ T305] do_read_cache_folio+0x20d/0x3f0
[ 25.654392][ T305] ? z_erofs_rcu_callback+0x1a0/0x1a0
[ 25.659598][ T305] read_cache_folio+0x4e/0x70
[ 25.664118][ T305] erofs_bread+0x13b/0x480
[ 25.668366][ T305] erofs_namei+0x1b6/0xcf0
[ 25.672617][ T305] ? __d_lookup_rcu+0x34f/0x3e0
[ 25.677305][ T305] ? erofs_iomap_end+0x170/0x170
[ 25.682076][ T305] ? d_alloc_parallel+0x112b/0x1270
[ 25.687120][ T305] ? legitimize_links+0x2ae/0x420
[ 25.691975][ T305] erofs_lookup+0x109/0x300
[ 25.696318][ T305] ? erofs_namei+0xcf0/0xcf0
[ 25.700740][ T305] ? erofs_namei+0xcf0/0xcf0
[ 25.705163][ T305] path_openat+0x10fd/0x2d60
[ 25.709593][ T305] ? do_filp_open+0x480/0x480
[ 25.714110][ T305] do_filp_open+0x230/0x480
[ 25.718445][ T305] ? vfs_tmpfile+0x480/0x480
[ 25.722878][ T305] ? alloc_fd+0x4fa/0x5a0
[ 25.727036][ T305] do_sys_openat2+0x13f/0x850
[ 25.731548][ T305] ? memset+0x35/0x40
[ 25.735369][ T305] ? do_sys_open+0x220/0x220
[ 25.739794][ T305] ? ptrace_notify+0x249/0x350
[ 25.744395][ T305] __x64_sys_open+0x221/0x270
[ 25.748908][ T305] ? do_sys_openat2+0x850/0x850
[ 25.753596][ T305] ? syscall_enter_from_user_mode+0x6a/0x190
[ 25.759409][ T305] do_syscall_64+0x3d/0xb0
[ 25.763662][ T305] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 25.769391][ T305] RIP: 0033:0x7fbd76768169
[ 25.773645][ T305] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 25.793084][ T305] RSP: 002b:00007fff8aaf0818 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 25.801328][ T305] RAX: ffffffffffffffda RBX: 00007fff8aaf0840 RCX: 00007fbd76768169
[ 25.809140][ T305] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 25.816952][ T305] RBP: 0000000000000001 R08: 00007fff8aaf05b7 R09: 000000000200808a
[ 25.824763][ T305] R10: 0000000000000001 R11: 0000000000000246 R12: 00007fff8aaf0870
[ 25.832576][ T305] R13: 00007fff8aaf08b0 R14: 0000000000002000 R15: 0000000000000003
[ 25.840391][ T305]
[ 25.843764][ T305] erofs: (device loop0): z_erofs_do_read_page: failed to get inline page, err -12
[ 25.852795][ T305] general protection fault, probably for non-canonical address 0xe0009d100000009c: 0000 [#1] PREEMPT SMP KASAN
[ 25.864304][ T305] KASAN: maybe wild-memory-access in range [0x00050880000004e0-0x00050880000004e7]
[ 25.873416][ T305] CPU: 0 PID: 305 Comm: syz-executor222 Not tainted 6.1.25-syzkaller-00052-gc2611a04b92f #0
[ 25.883310][ T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 25.893205][ T305] RIP: 0010:LZ4_decompress_safe_partial+0x18af/0x1920
[ 25.899800][ T305] Code: b3 bf 01 00 00 00 44 89 f6 e8 3d 22 f6 fe 41 83 fe 01 75 5d e8 82 1e f6 fe 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 75 4f 41 0f b6 1c 24 45 31 f6 31 ff 89 de e8 e8
[ 25.919243][ T305] RSP: 0018:ffffc90000ed68e8 EFLAGS: 00010206
[ 25.925142][ T305] RAX: 0000a1100000009c RBX: 0000000000000000 RCX: dffffc0000000000
[ 25.932956][ T305] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[ 25.940767][ T305] RBP: ffffc90000ed6990 R08: ffffffff827ed003 R09: ffffc90000ed6e50
[ 25.948580][ T305] R10: 0000000000000000 R11: dffffc0000000001 R12: 00050880000004e0
[ 25.956390][ T305] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[ 25.964200][ T305] FS: 0000555557336380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 25.972965][ T305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 25.979389][ T305] CR2: 00007fbd6e32afd2 CR3: 000000010b85b000 CR4: 00000000003506b0
[ 25.987201][ T305] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 25.995012][ T305] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 26.002822][ T305] Call Trace:
[ 26.005947][ T305]
[ 26.008723][ T305] ? desc_read+0x214/0x420
[ 26.012980][ T305] ? __kasan_check_write+0x14/0x20
[ 26.017926][ T305] ? desc_read+0x1bb/0x420
[ 26.022179][ T305] z_erofs_lz4_decompress+0x13f0/0x1ba0
[ 26.027561][ T305] ? z_erofs_decompress+0xb0/0xb0
[ 26.032418][ T305] ? console_emit_next_record+0x27a/0xa70
[ 26.037977][ T305] ? __kasan_check_write+0x14/0x20
[ 26.042919][ T305] ? mutex_lock+0xb1/0x1e0
[ 26.047174][ T305] ? __kasan_check_write+0x14/0x20
[ 26.052125][ T305] ? bit_wait_io_timeout+0x120/0x120
[ 26.057247][ T305] z_erofs_decompress+0x76/0xb0
[ 26.061931][ T305] z_erofs_decompress_queue+0x1cf5/0x32b0
[ 26.067483][ T305] ? llist_add_batch+0x160/0x1d0
[ 26.072260][ T305] ? z_erofs_runqueue+0x1500/0x1500
[ 26.077293][ T305] ? secondary_startup_64_no_verify+0x9b/0xdb
[ 26.083193][ T305] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 26.088491][ T305] ? z_erofs_decompressqueue_endio+0x4c0/0x4c0
[ 26.094477][ T305] ? _erofs_err+0x137/0x180
[ 26.098816][ T305] z_erofs_runqueue+0x13b1/0x1500
[ 26.103676][ T305] ? __kasan_check_write+0x14/0x20
[ 26.108625][ T305] ? z_erofs_do_read_page+0x3970/0x3970
[ 26.114009][ T305] ? z_erofs_pcluster_readmore+0x510/0x510
[ 26.119645][ T305] ? __mutex_lock_slowpath+0x10/0x10
[ 26.124766][ T305] ? z_erofs_pcluster_readmore+0x42d/0x510
[ 26.130413][ T305] z_erofs_read_folio+0x3d4/0x610
[ 26.135271][ T305] ? xas_nomem+0x1c6/0x200
[ 26.139525][ T305] ? z_erofs_rcu_callback+0x1a0/0x1a0
[ 26.144732][ T305] ? workingset_activation+0x430/0x430
[ 26.150025][ T305] ? z_erofs_rcu_callback+0x1a0/0x1a0
[ 26.155230][ T305] filemap_read_folio+0xfc/0x2a0
[ 26.160004][ T305] ? maybe_unlock_mmap_for_io+0x1e0/0x1e0
[ 26.165559][ T305] do_read_cache_folio+0x20d/0x3f0
[ 26.170505][ T305] ? z_erofs_rcu_callback+0x1a0/0x1a0
[ 26.175714][ T305] read_cache_folio+0x4e/0x70
[ 26.180226][ T305] erofs_bread+0x13b/0x480
[ 26.184479][ T305] erofs_namei+0x1b6/0xcf0
[ 26.188731][ T305] ? __d_lookup_rcu+0x34f/0x3e0
[ 26.193419][ T305] ? erofs_iomap_end+0x170/0x170
[ 26.198192][ T305] ? d_alloc_parallel+0x112b/0x1270
[ 26.203226][ T305] ? legitimize_links+0x2ae/0x420
[ 26.208090][ T305] erofs_lookup+0x109/0x300
[ 26.212426][ T305] ? erofs_namei+0xcf0/0xcf0
[ 26.216855][ T305] ? erofs_namei+0xcf0/0xcf0
[ 26.221279][ T305] path_openat+0x10fd/0x2d60
[ 26.225710][ T305] ? do_filp_open+0x480/0x480
[ 26.230219][ T305] do_filp_open+0x230/0x480
[ 26.234558][ T305] ? vfs_tmpfile+0x480/0x480
[ 26.238988][ T305] ? alloc_fd+0x4fa/0x5a0
[ 26.243151][ T305] do_sys_openat2+0x13f/0x850
[ 26.247664][ T305] ? memset+0x35/0x40
[ 26.251484][ T305] ? do_sys_open+0x220/0x220
[ 26.255909][ T305] ? ptrace_notify+0x249/0x350
[ 26.260508][ T305] __x64_sys_open+0x221/0x270
[ 26.265023][ T305] ? do_sys_openat2+0x850/0x850
[ 26.269712][ T305] ? syscall_enter_from_user_mode+0x6a/0x190
[ 26.275526][ T305] do_syscall_64+0x3d/0xb0
[ 26.279776][ T305] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 26.285505][ T305] RIP: 0033:0x7fbd76768169
[ 26.289758][ T305] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 26.309199][ T305] RSP: 002b:00007fff8aaf0818 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 26.317443][ T305] RAX: ffffffffffffffda RBX: 00007fff8aaf0840 RCX: 00007fbd76768169
[ 26.325255][ T305] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 26.333066][ T305] RBP: 0000000000000001 R08: 00007fff8aaf05b7 R09: 000000000200808a
[ 26.340879][ T305] R10: 0000000000000001 R11: 0000000000000246 R12: 00007fff8aaf0870
[ 26.348688][ T305] R13: 00007fff8aaf08b0 R14: 0000000000002000 R15: 0000000000000003
[ 26.356504][ T305]
[ 26.359366][ T305] Modules linked in:
[ 26.363158][ T305] ---[ end trace 0000000000000000 ]---
[ 26.368405][ T305] RIP: 0010:LZ4_decompress_safe_partial+0x18af/0x1920
[ 26.375002][ T305] Code: b3 bf 01 00 00 00 44 89 f6 e8 3d 22 f6 fe 41 83 fe 01 75 5d e8 82 1e f6 fe 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 75 4f 41 0f b6 1c 24 45 31 f6 31 ff 89 de e8 e8
[ 26.394448][ T305] RSP: 0018:ffffc90000ed68e8 EFLAGS: 00010206
[ 26.400333][ T305] RAX: 0000a1100000009c RBX: 0000000000000000 RCX: dffffc0000000000
[ 26.408153][ T305] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[ 26.415967][ T305] RBP: ffffc90000ed6990 R08: ffffffff827ed003 R09: ffffc90000ed6e50
[ 26.423766][ T305] R10: 0000000000000000 R11: dffffc0000000001 R12: 00050880000004e0
[ 26.431596][ T305] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[ 26.439397][ T305] FS: 0000555557336380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 26.448171][ T305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 26.454590][ T305] CR2: 00007fbd6e32afd2 CR3: 000000010b85b000 CR4: 00000000003506b0
[ 26.462392][ T305] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 26.470216][ T305] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 26.478021][ T305] Kernel panic - not syncing: Fatal exception
[ 26.484077][ T305] Kernel Offset: disabled
[ 26.488192][ T305] Rebooting in 86400 seconds..