erofs: (device loop0): mounted with opts: , root inode @ nid 36. attempt to access beyond end of device loop0: rw=0, want=2201354232, limit=264192 BUG: unable to handle page fault for address: ffffed113dd9ce4f #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 23fff3067 P4D 23fff3067 PUD 0 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 343 Comm: syz-executor.0 Not tainted 5.4.233-syzkaller-00011-g0108362f3305 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023 RIP: 0010:z_erofs_decompress_pcluster fs/erofs/zdata.c:828 [inline] RIP: 0010:z_erofs_vle_unzip_all+0x755/0x1bf0 fs/erofs/zdata.c:973 Code: 28 84 c0 0f 85 c3 02 00 00 8b 03 c1 f8 02 89 c0 48 8b 4c 24 50 4c 8d 34 c1 4d 89 f5 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df <41> 80 7c 05 00 00 74 08 4c 89 f7 e8 8b 2d 94 ff 4d 8b 3e 4d 85 ff RSP: 0018:ffff8881eece7140 EFLAGS: 00010a02 RAX: dffffc0000000000 RBX: ffffea0007630aa8 RCX: ffff8881eece7280 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffea0007630aa8 RBP: ffff8881eece76b0 R08: dffffc0000000000 R09: fffff94000ec6156 R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 R13: 1ffff1113dd9ce4f R14: ffff8889eece7278 R15: ffffea0007630a80 FS: 00007f7886df7700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffed113dd9ce4f CR3: 00000001ef3d0000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: z_erofs_submit_and_unzip+0x11db/0x12d0 fs/erofs/zdata.c:1328 z_erofs_vle_normalaccess_readpage+0x30b/0x630 fs/erofs/zdata.c:1347 do_read_cache_page+0x649/0xa10 mm/filemap.c:2802 read_mapping_page include/linux/pagemap.h:399 [inline] find_target_block_classic fs/erofs/namei.c:105 [inline] erofs_namei+0x160/0xf90 fs/erofs/namei.c:185 erofs_lookup+0x145/0x450 fs/erofs/namei.c:229 __lookup_hash+0x117/0x240 fs/namei.c:1623 filename_create+0x202/0x750 fs/namei.c:3716 user_path_create fs/namei.c:3773 [inline] do_mknodat+0x159/0x420 fs/namei.c:3834 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x5c/0xc1 Modules linked in: CR2: ffffed113dd9ce4f ---[ end trace adf939319b85448a ]--- RIP: 0010:z_erofs_decompress_pcluster fs/erofs/zdata.c:828 [inline] RIP: 0010:z_erofs_vle_unzip_all+0x755/0x1bf0 fs/erofs/zdata.c:973 Code: 28 84 c0 0f 85 c3 02 00 00 8b 03 c1 f8 02 89 c0 48 8b 4c 24 50 4c 8d 34 c1 4d 89 f5 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df <41> 80 7c 05 00 00 74 08 4c 89 f7 e8 8b 2d 94 ff 4d 8b 3e 4d 85 ff RSP: 0018:ffff8881eece7140 EFLAGS: 00010a02 RAX: dffffc0000000000 RBX: ffffea0007630aa8 RCX: ffff8881eece7280 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffea0007630aa8 RBP: ffff8881eece76b0 R08: dffffc0000000000 R09: fffff94000ec6156 R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 R13: 1ffff1113dd9ce4f R14: ffff8889eece7278 R15: ffffea0007630a80 FS: 00007f7886df7700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffed113dd9ce4f CR3: 00000001ef3d0000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 28 84 c0 0f 85 c3 02 sub %al,0x2c3850f(%rax,%rax,8) 7: 00 00 add %al,(%rax) 9: 8b 03 mov (%rbx),%eax b: c1 f8 02 sar $0x2,%eax e: 89 c0 mov %eax,%eax 10: 48 8b 4c 24 50 mov 0x50(%rsp),%rcx 15: 4c 8d 34 c1 lea (%rcx,%rax,8),%r14 19: 4d 89 f5 mov %r14,%r13 1c: 49 c1 ed 03 shr $0x3,%r13 20: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 27: fc ff df * 2a: 41 80 7c 05 00 00 cmpb $0x0,0x0(%r13,%rax,1) <-- trapping instruction 30: 74 08 je 0x3a 32: 4c 89 f7 mov %r14,%rdi 35: e8 8b 2d 94 ff callq 0xff942dc5 3a: 4d 8b 3e mov (%r14),%r15 3d: 4d 85 ff test %r15,%r15