./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2821477417

<...>
Warning: Permanently added '10.128.1.106' (ED25519) to the list of known hosts.
execve("./syz-executor2821477417", ["./syz-executor2821477417"], 0x7ffc7bf0e9e0 /* 10 vars */) = 0
brk(NULL)                               = 0x555574f4b000
brk(0x555574f4bd00)                     = 0x555574f4bd00
arch_prctl(ARCH_SET_FS, 0x555574f4b380) = 0
set_tid_address(0x555574f4b650)         = 293
set_robust_list(0x555574f4b660, 24)     = 0
rseq(0x555574f4bca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2821477417", 4096) = 28
getrandom("\x7b\x5f\xcc\x46\x2d\xba\xd7\xaa", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555574f4bd00
brk(0x555574f6cd00)                     = 0x555574f6cd00
brk(0x555574f6d000)                     = 0x555574f6d000
mprotect(0x7f5a15da5000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555574f4b650) = 294
./strace-static-x86_64: Process 294 attached
[pid   294] set_robust_list(0x555574f4b660, 24) = 0
[pid   294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   294] getppid()                   = 0
[pid   294] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid   294] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid   294] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid   294] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid   294] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid   294] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid   294] unshare(CLONE_NEWNS)        = 0
[pid   294] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid   294] unshare(CLONE_NEWIPC)       = -1 EINVAL (Invalid argument)
[pid   294] unshare(CLONE_NEWCGROUP)    = 0
[pid   294] unshare(CLONE_NEWUTS)       = 0
[pid   294] unshare(CLONE_SYSVSEM)      = 0
[pid   294] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   294] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   294] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   294] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   294] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   294] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   294] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid   294] getpid()                    = 1
[pid   294] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   294] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid   294] unshare(CLONE_NEWNET)       = 0
[pid   294] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid   294] write(3, "0 65535", 7)      = 7
[pid   294] close(3)                    = 0
[pid   294] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid   294] write(3, "100000", 6)       = 6
[pid   294] close(3)                    = 0
[pid   294] mkdir("./syz-tmp", 0777)    = 0
[pid   294] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid   294] mkdir("./syz-tmp/newroot", 0777) = 0
[pid   294] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[   32.501448][   T24] audit: type=1400 audit(1737023304.390:66): avc:  denied  { execmem } for  pid=293 comm="syz-executor282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   32.522440][   T24] audit: type=1400 audit(1737023304.390:67): avc:  denied  { mounton } for  pid=294 comm="syz-executor282" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[pid   294] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   294] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid   294] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid   294] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid   294] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   294] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   294] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid   294] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   294] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   294] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid   294] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid   294] mkdir("./syz-tmp/pivot", 0777) = 0
[pid   294] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid   294] chdir("/")                  = 0
[pid   294] umount2("./pivot", MNT_DETACH) = 0
[pid   294] chroot("./newroot")         = 0
[pid   294] chdir("/")                  = 0
[pid   294] mkdir("/dev/gadgetfs", 0777) = 0
[   32.566899][   T24] audit: type=1400 audit(1737023304.460:68): avc:  denied  { mounton } for  pid=294 comm="syz-executor282" path="/root/syz-tmp" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   32.589767][   T24] audit: type=1400 audit(1737023304.460:69): avc:  denied  { mount } for  pid=294 comm="syz-executor282" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[pid   294] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = -1 ENODEV (No such device)
[pid   294] mkdir("/dev/binderfs", 0777) = 0
[pid   294] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid   294] symlink("/dev/binderfs", "./binderfs") = 0
[pid   294] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid   294] write(1, "executing program\n", 18executing program
) = 18
[pid   294] memfd_create("syzkaller", 0) = 3
[pid   294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5a0d8f2000
[pid   294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8192) = 8192
[pid   294] munmap(0x7f5a0d8f2000, 138412032) = 0
[pid   294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   294] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   294] close(3)                    = 0
[   32.612014][   T24] audit: type=1400 audit(1737023304.460:70): avc:  denied  { mounton } for  pid=294 comm="syz-executor282" path="/root/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   32.618907][  T294] request_module fs-gadgetfs succeeded, but still no fs?
[   32.635776][   T24] audit: type=1400 audit(1737023304.460:71): avc:  denied  { mount } for  pid=294 comm="syz-executor282" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   32.664359][   T24] audit: type=1400 audit(1737023304.470:72): avc:  denied  { mounton } for  pid=294 comm="syz-executor282" path="/root/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   32.689552][   T24] audit: type=1400 audit(1737023304.480:73): avc:  denied  { mounton } for  pid=294 comm="syz-executor282" path="/root/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=13781 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[pid   294] close(4)                    = 0
[pid   294] mkdir("./file2", 0777)      = 0
[   32.715502][   T24] audit: type=1400 audit(1737023304.480:74): avc:  denied  { unmount } for  pid=294 comm="syz-executor282" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   32.735047][   T24] audit: type=1400 audit(1737023304.500:75): avc:  denied  { mounton } for  pid=294 comm="syz-executor282" path="/dev/gadgetfs" dev="devtmpfs" ino=509 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[pid   294] mount("/dev/loop0", "./file2", "erofs", MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_NODIRATIME|MS_STRICTATIME, "") = 0
[pid   294] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3
[pid   294] chdir("./file2")            = 0
[pid   294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   294] ioctl(4, LOOP_CLR_FD)       = 0
[pid   294] close(4)                    = 0
[pid   294] openat(AT_FDCWD, ".", O_RDONLY) = 4
[   32.847786][  T294] erofs: (device loop0): mounted with root inode @ nid 36.
[   32.857745][  T294] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[   32.867121][  T294] erofs: (device loop0): z_erofs_readahead: readahead error at page 8589934616 @ nid 36
[   32.876735][  T294] erofs: (device loop0): z_erofs_readahead: readahead error at page 8589934615 @ nid 36
[   32.886474][  T294] erofs: (device loop0): z_erofs_readahead: readahead error at page 8589934614 @ nid 36
[pid   294] fadvise64(4, 35184372122336, 65337, POSIX_FADV_WILLNEED) = 0
[pid   294] exit_group(1)               = ?
[   32.896151][  T294] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[   32.905621][  T294] erofs: (device loop0): z_erofs_readahead: readahead error at page 8589934613 @ nid 36
[   32.915271][  T294] erofs: (device loop0): z_erofs_readahead: readahead error at page 8589934612 @ nid 36
[   32.924853][  T294] erofs: (device loop0): z_erofs_readahead: readahead error at page 8589934611 @ nid 36
[   32.934548][  T294] erofs: (device loop0): z_erofs_readahead: readahead error at page 8589934610 @ nid 36
[   32.945048][   T42] ------------[ cut here ]------------
[   32.950469][   T42] WARNING: CPU: 1 PID: 42 at mm/page_alloc.c:3801 get_page_from_freelist+0x48f/0x2f30
[   32.960368][   T42] Modules linked in:
[   32.964166][   T42] CPU: 1 PID: 42 Comm: erofs_worker/1 Not tainted 5.10.233-syzkaller-00881-gfbe98d68b6b3 #0
[   32.974180][   T42] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   32.984675][   T42] RIP: 0010:get_page_from_freelist+0x48f/0x2f30
[   32.990889][   T42] Code: 00 4c 89 f0 48 c1 e8 03 0f b6 04 08 84 c0 0f 85 33 27 00 00 41 8b 06 48 89 44 24 20 80 bc 24 d8 00 00 00 00 0f 84 56 05 00 00 <0f> 0b e9 4f 05 00 00 41 f6 c5 18 0f 85 fa 25 00 00 48 8b 44 24 08
[   33.011288][   T42] RSP: 0018:ffffc900006bf2a0 EFLAGS: 00010202
[   33.017470][   T42] RAX: 0000000000000000 RBX: ffffffff86e00140 RCX: dffffc0000000000
[   33.026326][   T42] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffffc900006bf5f0
[   33.034559][   T42] RBP: ffffc900006bf510 R08: dffffc0000000000 R09: fffffbfff0dbff5c
[   33.043461][   T42] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001
[   33.051759][   T42] R13: 0000000000000901 R14: ffffc900006bf5f8 R15: 00000000000d52ae
[   33.059701][   T42] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   33.068828][   T42] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   33.075986][   T42] CR2: 0000558b546053e8 CR3: 000000011a965000 CR4: 00000000003506a0
[   33.083929][   T42] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   33.091793][   T42] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   33.099969][   T42] Call Trace:
[   33.103979][   T42]  ? show_regs+0x58/0x60
[   33.108399][   T42]  ? __warn+0x160/0x2f0
[   33.112426][   T42]  ? get_page_from_freelist+0x48f/0x2f30
[   33.117953][   T42]  ? report_bug+0x3d9/0x5b0
[   33.122348][   T42]  ? get_page_from_freelist+0x48f/0x2f30
[   33.127894][   T42]  ? handle_bug+0x41/0x70
[   33.132115][   T42]  ? exc_invalid_op+0x1b/0x50
[   33.136704][   T42]  ? asm_exc_invalid_op+0x12/0x20
[   33.141593][   T42]  ? get_page_from_freelist+0x48f/0x2f30
[   33.147286][   T42]  ? __alloc_pages_nodemask+0xaf0/0xaf0
[   33.152741][   T42]  ? lruvec_init+0x150/0x150
[   33.157376][   T42]  __alloc_pages_nodemask+0x435/0xaf0
[   33.162641][   T42]  ? gfp_pfmemalloc_allowed+0x120/0x120
[   33.168123][   T42]  kmalloc_order+0x4c/0x170
[   33.172769][   T42]  kmalloc_order_trace+0x18/0x90
[   33.177590][   T42]  __kmalloc+0x1f1/0x330
[   33.181714][   T42]  ? mutex_trylock+0xa0/0xa0
[   33.186173][   T42]  kvmalloc_node+0x82/0x130
[   33.190583][   T42]  z_erofs_decompress_queue+0x338/0x1d20
[   33.196120][   T42]  ? z_erofs_onlinepage_endio+0x170/0x170
[   33.201755][   T42]  ? _raw_spin_unlock_irq+0x4e/0x70
[   33.207002][   T42]  ? finish_task_switch+0x130/0x5a0
[   33.212082][   T42]  ? __switch_to_asm+0x34/0x60
[   33.216764][   T42]  ? __schedule+0xbee/0x1330
[   33.221263][   T42]  z_erofs_decompressqueue_kthread_work+0x95/0xe0
[   33.227564][   T42]  ? z_erofs_decompress_kickoff+0x3d0/0x3d0
[   33.233338][   T42]  ? finish_task_switch+0x130/0x5a0
[   33.238424][   T42]  ? __kasan_check_read+0x11/0x20
[   33.243242][   T42]  kthread_worker_fn+0x48b/0x920
[   33.248103][   T42]  ? z_erofs_decompress_kickoff+0x3d0/0x3d0
[   33.253886][   T42]  ? __kthread_init_worker+0xb0/0xb0
[   33.259074][   T42]  ? __kasan_check_read+0x11/0x20
[   33.263988][   T42]  ? __kthread_parkme+0xb9/0x1c0
[   33.268899][   T42]  kthread+0x34b/0x3d0
[   33.272852][   T42]  ? __kthread_init_worker+0xb0/0xb0
[   33.278033][   T42]  ? kthread_blkcg+0xd0/0xd0
[   33.282507][   T42]  ret_from_fork+0x1f/0x30
[   33.286863][   T42] ---[ end trace cf2105fa19a4556e ]---
[   33.292882][   T42] BUG: unable to handle page fault for address: ffffed112437ffff
[   33.300457][   T42] #PF: supervisor read access in kernel mode
[   33.306236][   T42] #PF: error_code(0x0000) - not-present page
[   33.312053][   T42] PGD 23fff2067 P4D 23fff2067 PUD 0 
[   33.317190][   T42] Oops: 0000 [#1] PREEMPT SMP KASAN
[   33.322254][   T42] CPU: 1 PID: 42 Comm: erofs_worker/1 Tainted: G        W         5.10.233-syzkaller-00881-gfbe98d68b6b3 #0
[   33.333665][   T42] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   33.343668][   T42] RIP: 0010:z_erofs_decompress_queue+0x863/0x1d20
[   33.349891][   T42] Code: c0 0f 85 db 01 00 00 41 8b 04 24 c1 f8 02 89 c0 48 8b 4c 24 70 4c 8d 3c c1 4d 89 fc 49 c1 ec 03 48 b8 00 00 00 00 00 fc ff df <41> 80 3c 04 00 74 08 4c 89 ff e8 4e f4 7e ff 4d 8b 37 4d 85 f6 0f
[   33.369332][   T42] RSP: 0018:ffffc900006bf7c0 EFLAGS: 00010a06
[   33.375233][   T42] RAX: dffffc0000000000 RBX: ffffea0004843b40 RCX: ffff888121c00000
[   33.383042][   T42] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffea0004843b68
[   33.390874][   T42] RBP: ffffc900006bfd30 R08: dffffc0000000000 R09: fffff9400090876e
[   33.398679][   T42] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1112437ffff
[   33.406661][   T42] R13: 0000000000000000 R14: ffffea0004843b40 R15: ffff888921bffff8
[   33.414564][   T42] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   33.423333][   T42] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   33.429793][   T42] CR2: ffffed112437ffff CR3: 000000011a965000 CR4: 00000000003506a0
[   33.437556][   T42] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   33.445379][   T42] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   33.453189][   T42] Call Trace:
[   33.456321][   T42]  ? __die_body+0x62/0xb0
[   33.460474][   T42]  ? __die+0x7e/0x90
[   33.464204][   T42]  ? no_context+0x9f9/0xd20
[   33.468550][   T42]  ? is_prefetch+0x5c0/0x5c0
[   33.472981][   T42]  ? __alloc_pages_nodemask+0x435/0xaf0
[   33.478372][   T42]  ? __bad_area_nosemaphore+0xc4/0x430
[   33.483657][   T42]  ? bad_area_nosemaphore+0x2d/0x40
[   33.488686][   T42]  ? do_kern_addr_fault+0x69/0x80
[   33.493636][   T42]  ? exc_page_fault+0x38e/0x5b0
[   33.498320][   T42]  ? asm_exc_page_fault+0x1e/0x30
[   33.503191][   T42]  ? z_erofs_decompress_queue+0x863/0x1d20
[   33.508840][   T42]  ? z_erofs_onlinepage_endio+0x170/0x170
[   33.514413][   T42]  ? _raw_spin_unlock_irq+0x4e/0x70
[   33.519419][   T42]  ? finish_task_switch+0x130/0x5a0
[   33.524449][   T42]  ? __switch_to_asm+0x34/0x60
[   33.529053][   T42]  ? __schedule+0xbee/0x1330
[   33.533491][   T42]  z_erofs_decompressqueue_kthread_work+0x95/0xe0
[   33.539737][   T42]  ? z_erofs_decompress_kickoff+0x3d0/0x3d0
[   33.545455][   T42]  ? finish_task_switch+0x130/0x5a0
[   33.550493][   T42]  ? __kasan_check_read+0x11/0x20
[   33.555361][   T42]  kthread_worker_fn+0x48b/0x920
[   33.560145][   T42]  ? z_erofs_decompress_kickoff+0x3d0/0x3d0
[   33.565861][   T42]  ? __kthread_init_worker+0xb0/0xb0
[   33.570980][   T42]  ? __kasan_check_read+0x11/0x20
[   33.575839][   T42]  ? __kthread_parkme+0xb9/0x1c0
[   33.580614][   T42]  kthread+0x34b/0x3d0
[   33.584517][   T42]  ? __kthread_init_worker+0xb0/0xb0
[   33.589653][   T42]  ? kthread_blkcg+0xd0/0xd0
[   33.594062][   T42]  ret_from_fork+0x1f/0x30
[   33.598300][   T42] Modules linked in:
[   33.602051][   T42] CR2: ffffed112437ffff
[   33.606063][   T42] ---[ end trace cf2105fa19a4556f ]---
[   33.611353][   T42] RIP: 0010:z_erofs_decompress_queue+0x863/0x1d20
[   33.617599][   T42] Code: c0 0f 85 db 01 00 00 41 8b 04 24 c1 f8 02 89 c0 48 8b 4c 24 70 4c 8d 3c c1 4d 89 fc 49 c1 ec 03 48 b8 00 00 00 00 00 fc ff df <41> 80 3c 04 00 74 08 4c 89 ff e8 4e f4 7e ff 4d 8b 37 4d 85 f6 0f
[   33.637027][   T42] RSP: 0018:ffffc900006bf7c0 EFLAGS: 00010a06
[   33.642937][   T42] RAX: dffffc0000000000 RBX: ffffea0004843b40 RCX: ffff888121c00000
[   33.650990][   T42] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffea0004843b68
[   33.658811][   T42] RBP: ffffc900006bfd30 R08: dffffc0000000000 R09: fffff9400090876e
[   33.666614][   T42] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1112437ffff
[   33.674443][   T42] R13: 0000000000000000 R14: ffffea0004843b40 R15: ffff888921bffff8
[   33.682247][   T42] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   33.691005][   T42] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   33.697434][   T42] CR2: ffffed112437ffff CR3: 000000011a965000 CR4: 00000000003506a0
[   33.705501][   T42] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   33.713304][   T42] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   33.721104][   T42] Kernel panic - not syncing: Fatal exception
[   33.727202][   T42] Kernel Offset: disabled
[   33.731363][   T42] Rebooting in 86400 seconds..