================================================================== BUG: KASAN: global-out-of-bounds in z_erofs_decompress_pcluster fs/erofs/zdata.c:1274 [inline] BUG: KASAN: global-out-of-bounds in z_erofs_decompress_queue+0x3b1/0x2ef0 fs/erofs/zdata.c:1411 Read of size 8 at addr ffffffff8650beb0 by task kworker/u9:0/45 CPU: 1 UID: 0 PID: 45 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(none) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 Workqueue: erofs_worker z_erofs_decompressqueue_work Call Trace: dump_stack_lvl+0xf4/0x170 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xca/0x230 mm/kasan/report.c:480 kasan_report+0x118/0x150 mm/kasan/report.c:593 z_erofs_decompress_pcluster fs/erofs/zdata.c:1274 [inline] z_erofs_decompress_queue+0x3b1/0x2ef0 fs/erofs/zdata.c:1411 z_erofs_decompressqueue_work+0x7d/0xd0 fs/erofs/zdata.c:1423 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0x995/0x12d0 kernel/workqueue.c:3321 worker_thread+0x850/0xc60 kernel/workqueue.c:3402 kthread+0x59b/0x690 kernel/kthread.c:464 ret_from_fork+0x136/0x2d0 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 The buggy address belongs to the variable: z_erofs_decomp+0x30/0x60 The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x650b flags: 0x80000000002000(reserved|node=0|zone=1) raw: 0080000000002000 ffffea00001942c8 ffffea00001942c8 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner info is not present (never set?) Memory state around the buggy address: ffffffff8650bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff8650be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffffff8650be80: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 ^ ffffffff8650bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff8650bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ==================================================================