Warning: Permanently added '10.128.0.147' (ED25519) to the list of known hosts. 2025/08/22 19:22:10 parsed 1 programs [ 69.269938][ T2703] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k 2025/08/22 19:22:19 executed programs: 0 2025/08/22 19:22:25 executed programs: 2 [ 82.773866][ T3635] loop3: detected capacity change from 0 to 16 [ 82.784447][ T3635] erofs (device loop3): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk! [ 82.796173][ T3635] erofs (device loop3): mounted with root inode @ nid 36. [ 82.805116][ T3635] erofs (device loop3): readahead error at folio 7 @ nid 36 [ 82.812740][ T3635] erofs (device loop3): readahead error at folio 6 @ nid 36 [ 82.820512][ T3635] erofs (device loop3): readahead error at folio 5 @ nid 36 [ 82.828113][ T3635] erofs (device loop3): readahead error at folio 3 @ nid 36 [ 82.835622][ T3635] erofs (device loop3): readahead error at folio 2 @ nid 36 [ 82.843727][ T3635] syz.3.17: attempt to access beyond end of device [ 82.843727][ T3635] loop3: rw=524288, sector=1152, nr_sectors = 257 limit=16 [ 82.858636][ T3635] syz.3.17: attempt to access beyond end of device [ 82.858636][ T3635] loop3: rw=524288, sector=256, nr_sectors = 768 limit=16 [ 82.873179][ T3635] syz.3.17: attempt to access beyond end of device [ 82.873179][ T3635] loop3: rw=524288, sector=0, nr_sectors = 129 limit=16 [ 82.887092][ T3635] syz.3.17: attempt to access beyond end of device [ 82.887092][ T3635] loop3: rw=524288, sector=0, nr_sectors = 129 limit=16 [ 82.900897][ T3635] syz.3.17: attempt to access beyond end of device [ 82.900897][ T3635] loop3: rw=524288, sector=3348247, nr_sectors = 129 limit=16 [ 82.916040][ T3635] syz.3.17: attempt to access beyond end of device [ 82.916040][ T3635] loop3: rw=524288, sector=3290679, nr_sectors = 695 limit=16 [ 82.931935][ T3635] syz.3.17: attempt to access beyond end of device [ 82.931935][ T3635] loop3: rw=524288, sector=3552435, nr_sectors = 1589 limit=16 [ 82.947041][ T3635] syz.3.17: attempt to access beyond end of device [ 82.947041][ T3635] loop3: rw=524288, sector=3348786, nr_sectors = 794 limit=16 [ 82.961168][ T3635] syz.3.17: attempt to access beyond end of device [ 82.961168][ T3635] loop3: rw=524288, sector=288, nr_sectors = 1 limit=16 [ 82.976200][ T3635] syz.3.17: attempt to access beyond end of device [ 82.976200][ T3635] loop3: rw=524288, sector=0, nr_sectors = 1281 limit=16 [ 82.995411][ T45] ================================================================== [ 82.999902][ T3635] erofs (device loop3): read error -5 @ 0 of nid 36 [ 83.003655][ T45] BUG: KASAN: global-out-of-bounds in z_erofs_decompress_queue+0x3b1/0x2ef0 [ 83.003681][ T45] Read of size 8 at addr ffffffff8650beb0 by task kworker/u9:0/45 [ 83.003687][ T45] [ 83.003706][ T45] CPU: 1 UID: 0 PID: 45 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(none) [ 83.003714][ T45] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 83.003719][ T45] Workqueue: erofs_worker z_erofs_decompressqueue_work [ 83.003736][ T45] Call Trace: [ 83.003741][ T45] [ 83.003745][ T45] dump_stack_lvl+0xf4/0x170 [ 83.003755][ T45] ? __pfx_dump_stack_lvl+0x10/0x10 [ 83.003763][ T45] ? rcu_is_watching+0x1f/0xa0 [ 83.003769][ T45] ? __virt_addr_valid+0x176/0x2b0 [ 83.003776][ T45] ? lock_release+0x42/0x2f0 [ 83.003781][ T45] ? lock_acquire+0x69/0x210 [ 83.003787][ T45] ? __virt_addr_valid+0x176/0x2b0 [ 83.003792][ T45] ? __virt_addr_valid+0x262/0x2b0 [ 83.003798][ T45] print_report+0xca/0x230 [ 83.003805][ T45] ? z_erofs_decompress_queue+0x3b1/0x2ef0 [ 83.003811][ T45] kasan_report+0x118/0x150 [ 83.003820][ T45] ? z_erofs_decompress_queue+0x3b1/0x2ef0 [ 83.003827][ T45] z_erofs_decompress_queue+0x3b1/0x2ef0 [ 83.003833][ T45] ? stack_depot_save_flags+0x43/0x760 [ 83.003844][ T45] ? __pfx_z_erofs_decompress_queue+0x10/0x10 [ 83.003850][ T45] ? __dequeue_entity+0x4e/0xc60 [ 83.003862][ T45] ? graph_unlock+0x81/0xd0 [ 83.003868][ T45] ? register_lock_class+0x235/0x280 [ 83.003874][ T45] ? process_scheduled_works+0x90e/0x12d0 [ 83.003881][ T45] z_erofs_decompressqueue_work+0x7d/0xd0 [ 83.003888][ T45] ? __pfx_z_erofs_decompressqueue_work+0x10/0x10 [ 83.003895][ T45] process_scheduled_works+0x995/0x12d0 [ 83.003902][ T45] ? do_raw_spin_unlock+0x122/0x240 [ 83.003912][ T45] ? __pfx_process_scheduled_works+0x10/0x10 [ 83.003920][ T45] ? assign_work+0x25f/0x380 [ 83.003927][ T45] worker_thread+0x850/0xc60 [ 83.003937][ T45] kthread+0x59b/0x690 [ 83.003945][ T45] ? __pfx_worker_thread+0x10/0x10 [ 83.003952][ T45] ? __pfx_kthread+0x10/0x10 [ 83.003958][ T45] ? do_raw_spin_unlock+0x122/0x240 [ 83.003965][ T45] ? __pfx_kthread+0x10/0x10 [ 83.003978][ T45] ret_from_fork+0x136/0x2d0 [ 83.003986][ T45] ? __pfx_kthread+0x10/0x10 [ 83.003993][ T45] ret_from_fork_asm+0x1a/0x30 [ 83.004001][ T45] [ 83.004004][ T45] [ 83.012075][ T3635] erofs (device loop3): failed to readdir of logical block 0 of nid 36 [ 83.019219][ T45] The buggy address belongs to the variable: [ 83.019223][ T45] z_erofs_decomp+0x30/0x60 [ 83.019233][ T45] [ 83.019235][ T45] The buggy address belongs to the physical page: [ 83.019239][ T45] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x650b [ 83.019253][ T45] flags: 0x80000000002000(reserved|node=0|zone=1) [ 83.019266][ T45] raw: 0080000000002000 ffffea00001942c8 ffffea00001942c8 0000000000000000 [ 83.019271][ T45] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 83.019274][ T45] page dumped because: kasan: bad access detected [ 83.019283][ T45] page_owner info is not present (never set?) [ 83.313370][ T45] [ 83.315673][ T45] Memory state around the buggy address: [ 83.321469][ T45] ffffffff8650bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 83.329675][ T45] ffffffff8650be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 83.337802][ T45] >ffffffff8650be80: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 [ 83.345959][ T45] ^ [ 83.351589][ T45] ffffffff8650bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 83.359622][ T45] ffffffff8650bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 83.367650][ T45] ================================================================== [ 83.376194][ T45] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 83.383773][ T45] Kernel Offset: disabled [ 83.388080][ T45] Rebooting in 86400 seconds..