ci2 starts bisection 2023-01-21 07:03:56.731411889 +0000 UTC m=+23203.580052469 bisecting fixing commit since 0118fb827bc7a775f1025df6f63f709c8a4e340c building syzkaller on 08977f5d5e344fa0ac0b80af0b72fc3f1468d6a5 ensuring issue is reproducible on original commit 0118fb827bc7a775f1025df6f63f709c8a4e340c testing commit 0118fb827bc7a775f1025df6f63f709c8a4e340c gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2173d4fc13903c32702cbe7d5cdbde866924d6eba0506a60dd01a4bc8d8d17ff all runs: crashed: BUG: unable to handle kernel paging request in z_erofs_decompress_pcluster testing current HEAD 416c4356f37295d6da2d7b290069f9adb349dc9f testing commit 416c4356f37295d6da2d7b290069f9adb349dc9f gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: baaa32c0f60a32746027195b6acd800152dfa46dcfc1924979fa26b4f48250ff all runs: crashed: BUG: unable to handle kernel paging request in z_erofs_decompress_pcluster revisions tested: 2, total time: 21m17.126148862s (build: 13m49.478527728s, test: 5m45.353682515s) the crash still happens on HEAD commit msg: Merge 5.10.161 into android12-5.10-lts crash: BUG: unable to handle kernel paging request in z_erofs_decompress_pcluster erofs: (device loop0): mounted with root inode @ nid 36. attempt to access beyond end of device loop0: rw=0, want=2201354232, limit=264192 BUG: unable to handle page fault for address: fffff5210011ce27 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 23ffef067 P4D 23ffef067 PUD 0 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 410 Comm: syz-executor.0 Not tainted 5.10.161-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 RIP: 0010:z_erofs_decompress_pcluster+0x4c2/0x1810 fs/erofs/zdata.c:914 Code: 5b 94 ff 42 8a 04 2b 84 c0 0f 85 93 02 00 00 41 8b 06 c1 f8 02 89 c0 48 8b 4c 24 48 4c 8d 34 c1 4c 89 e8 4d 89 f5 49 c1 ed 03 <41> 80 7c 05 00 00 74 08 4c 89 f7 e8 ce 59 94 ff 49 8b 1e 48 85 db RSP: 0018:ffffc900008e7080 EFLAGS: 00010a06 RAX: dffffc0000000000 RBX: 1ffffd4000904aed RCX: ffffc900008e7140 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffea0004825768 RBP: ffffc900008e7570 R08: dffffc0000000000 R09: fffff94000904aee R10: fffff94000904aee R11: 1ffffd4000904aed R12: 0000000000000000 R13: 1ffff9210011ce27 R14: ffffc908008e7138 R15: ffffea0004825740 FS: 00007fa8caff5700(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffff5210011ce27 CR3: 000000010d742000 CR4: 00000000003506a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: z_erofs_decompress_queue fs/erofs/zdata.c:1059 [inline] z_erofs_runqueue+0xaf5/0xc10 fs/erofs/zdata.c:1380 z_erofs_readpage+0x2ae/0x4e0 fs/erofs/zdata.c:1398 do_read_cache_page+0x46c/0x580 mm/filemap.c:3156 read_cache_page+0x48/0x70 mm/filemap.c:3255 read_mapping_page include/linux/pagemap.h:498 [inline] find_target_block_classic+0x11c/0x8b0 fs/erofs/namei.c:105 erofs_namei+0x192/0x9b0 fs/erofs/namei.c:185 erofs_lookup+0x11a/0x360 fs/erofs/namei.c:229 __lookup_hash+0x192/0x1f0 fs/namei.c:1531 filename_create+0x1bd/0x620 fs/namei.c:3547 user_path_create fs/namei.c:3604 [inline] do_mknodat+0x149/0x3a0 fs/namei.c:3667 __do_sys_mknodat fs/namei.c:3702 [inline] __se_sys_mknodat fs/namei.c:3699 [inline] __x64_sys_mknodat+0x96/0xb0 fs/namei.c:3699 do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x61/0xc6 RIP: 0033:0x7fa8cb4815a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fa8caff5168 EFLAGS: 00000246 ORIG_RAX: 0000000000000103 RAX: ffffffffffffffda RBX: 00007fa8cb5a1f80 RCX: 00007fa8cb4815a9 RDX: 0000000000000004 RSI: 0000000020000080 RDI: 0000000000000005 RBP: 00007fa8cb4dc7b0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc6af0989f R14: 00007fa8caff5300 R15: 0000000000022000 Modules linked in: CR2: fffff5210011ce27 ---[ end trace 4a8e5bb575a9f03f ]--- RIP: 0010:z_erofs_decompress_pcluster+0x4c2/0x1810 fs/erofs/zdata.c:914 Code: 5b 94 ff 42 8a 04 2b 84 c0 0f 85 93 02 00 00 41 8b 06 c1 f8 02 89 c0 48 8b 4c 24 48 4c 8d 34 c1 4c 89 e8 4d 89 f5 49 c1 ed 03 <41> 80 7c 05 00 00 74 08 4c 89 f7 e8 ce 59 94 ff 49 8b 1e 48 85 db RSP: 0018:ffffc900008e7080 EFLAGS: 00010a06 RAX: dffffc0000000000 RBX: 1ffffd4000904aed RCX: ffffc900008e7140 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffea0004825768 RBP: ffffc900008e7570 R08: dffffc0000000000 R09: fffff94000904aee R10: fffff94000904aee R11: 1ffffd4000904aed R12: 0000000000000000 R13: 1ffff9210011ce27 R14: ffffc908008e7138 R15: ffffea0004825740 FS: 00007fa8caff5700(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffff5210011ce27 CR3: 000000010d742000 CR4: 00000000003506a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 5b pop %rbx 1: 94 xchg %eax,%esp 2: ff 42 8a incl -0x76(%rdx) 5: 04 2b add $0x2b,%al 7: 84 c0 test %al,%al 9: 0f 85 93 02 00 00 jne 0x2a2 f: 41 8b 06 mov (%r14),%eax 12: c1 f8 02 sar $0x2,%eax 15: 89 c0 mov %eax,%eax 17: 48 8b 4c 24 48 mov 0x48(%rsp),%rcx 1c: 4c 8d 34 c1 lea (%rcx,%rax,8),%r14 20: 4c 89 e8 mov %r13,%rax 23: 4d 89 f5 mov %r14,%r13 26: 49 c1 ed 03 shr $0x3,%r13 * 2a: 41 80 7c 05 00 00 cmpb $0x0,0x0(%r13,%rax,1) <-- trapping instruction 30: 74 08 je 0x3a 32: 4c 89 f7 mov %r14,%rdi 35: e8 ce 59 94 ff callq 0xff945a08 3a: 49 8b 1e mov (%r14),%rbx 3d: 48 85 db test %rbx,%rbx