[�[0;32m OK �[0m] Reached target Login Prompts.
[�[0;32m OK �[0m] Reached target Multi-User System.
[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 51.755210][ T6527] loop0: detected capacity change from 0 to 16
[ 51.768761][ T6527] erofs: (device loop0): mounted with root inode @ nid 36.
[ 51.789910][ T150] ==================================================================
[ 51.798128][ T150] BUG: KASAN: use-after-free in LZ4_decompress_safe_partial+0xff8/0x1580
[ 51.806580][ T150] Read of size 2 at addr ffff88806dd1f000 by task kworker/u5:0/150
[ 51.814565][ T150]
[ 51.816893][ T150] CPU: 1 PID: 150 Comm: kworker/u5:0 Not tainted 5.15.0-rc6-syzkaller #0
[ 51.825308][ T150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.835358][ T150] Workqueue: erofs_unzipd z_erofs_decompressqueue_work
[ 51.842211][ T150] Call Trace:
[ 51.845487][ T150] dump_stack_lvl+0x1dc/0x2d8
[ 51.850161][ T150] ? show_regs_print_info+0x12/0x12
[ 51.855347][ T150] ? _printk+0xcf/0x118
[ 51.859492][ T150] ? wake_up_klogd+0xb2/0xf0
[ 51.864070][ T150] ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 51.869786][ T150] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 51.875247][ T150] ? rcu_read_lock_sched_held+0x89/0x130
[ 51.880888][ T150] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 51.886872][ T150] print_address_description+0x66/0x3e0
[ 51.892414][ T150] ? LZ4_decompress_safe_partial+0xff8/0x1580
[ 51.898467][ T150] kasan_report+0x19a/0x1f0
[ 51.902972][ T150] ? LZ4_decompress_safe_partial+0xff8/0x1580
[ 51.909034][ T150] LZ4_decompress_safe_partial+0xff8/0x1580
[ 51.914936][ T150] z_erofs_lz4_decompress+0x4c3/0x1100
[ 51.920412][ T150] ? z_erofs_lz4_prepare_destpages+0x730/0x730
[ 51.926636][ T150] z_erofs_decompress+0xa8e/0xe30
[ 51.931667][ T150] z_erofs_decompress_pcluster+0x15e4/0x2550
[ 51.937652][ T150] ? z_erofs_decompressqueue_work+0x1a0/0x1a0
[ 51.943802][ T150] z_erofs_decompressqueue_work+0x123/0x1a0
[ 51.949700][ T150] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 51.955668][ T150] ? z_erofs_decompress_kickoff+0x3c0/0x3c0
[ 51.961554][ T150] ? _raw_spin_unlock_irq+0x1f/0x40
[ 51.966748][ T150] process_one_work+0x853/0x1140
[ 51.971690][ T150] ? worker_detach_from_pool+0x260/0x260
[ 51.977323][ T150] worker_thread+0xac1/0x1320
[ 51.982011][ T150] kthread+0x453/0x480
[ 51.986080][ T150] ? rcu_lock_release+0x20/0x20
[ 51.990915][ T150] ? kthread_blkcg+0xd0/0xd0
[ 51.995491][ T150] ret_from_fork+0x1f/0x30
[ 51.999937][ T150]
[ 52.002246][ T150] The buggy address belongs to the page:
[ 52.007870][ T150] page:ffffea0001b747c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6dd1f
[ 52.018002][ T150] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 52.025101][ T150] raw: 00fff00000000000 ffffea0001b74408 ffffea0001b74ac8 0000000000000000
[ 52.033673][ T150] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 52.042235][ T150] page dumped because: kasan: bad access detected
[ 52.048628][ T150] page_owner tracks the page as freed
[ 52.054008][ T150] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 6527, ts 51734930672, free_ts 51749499849
[ 52.069528][ T150] get_page_from_freelist+0x779/0xa30
[ 52.074890][ T150] __alloc_pages+0x255/0x580
[ 52.079465][ T150] alloc_pages_vma+0x668/0x1030
[ 52.084301][ T150] do_anonymous_page+0x31b/0x14b0
[ 52.089311][ T150] handle_mm_fault+0x1860/0x2560
[ 52.094233][ T150] do_user_addr_fault+0x8ce/0x10c0
[ 52.099330][ T150] exc_page_fault+0xa1/0x1e0
[ 52.103904][ T150] asm_exc_page_fault+0x1e/0x30
[ 52.108742][ T150] page last free stack trace:
[ 52.113399][ T150] free_pcp_prepare+0xc29/0xd20
[ 52.118235][ T150] free_unref_page_list+0x11f/0xa50
[ 52.123428][ T150] release_pages+0x18cb/0x1b00
[ 52.128178][ T150] tlb_flush_mmu+0x780/0x910
[ 52.132751][ T150] tlb_finish_mmu+0xcb/0x200
[ 52.137320][ T150] exit_mmap+0x3dd/0x6f0
[ 52.141544][ T150] __mmput+0x111/0x3a0
[ 52.145617][ T150] exec_mmap+0x53e/0x640
[ 52.149852][ T150] begin_new_exec+0x6c9/0x1180
[ 52.154600][ T150] load_elf_binary+0x836/0x3bc0
[ 52.159437][ T150] bprm_execve+0x8eb/0x1470
[ 52.163930][ T150] do_execveat_common+0x44c/0x590
[ 52.168940][ T150] __x64_sys_execve+0x8e/0xa0
[ 52.173602][ T150] do_syscall_64+0x44/0xd0
[ 52.178010][ T150] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.183890][ T150]
[ 52.186198][ T150] Memory state around the buggy address:
[ 52.191813][ T150] ffff88806dd1ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.199858][ T150] ffff88806dd1ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.207901][ T150] >ffff88806dd1f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.215994][ T150] ^
[ 52.220044][ T150] ffff88806dd1f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.228090][ T150] ffff88806dd1f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.236131][ T150] ==================================================================
[ 52.244169][ T150] Disabling lock debugging due to kernel taint
[ 52.250436][ T150] Kernel panic - not syncing: panic_on_warn set ...
[ 52.257027][ T150] CPU: 1 PID: 150 Comm: kworker/u5:0 Tainted: G B 5.15.0-rc6-syzkaller #0
[ 52.266816][ T150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.276859][ T150] Workqueue: erofs_unzipd z_erofs_decompressqueue_work
[ 52.283701][ T150] Call Trace:
[ 52.287053][ T150] dump_stack_lvl+0x1dc/0x2d8
[ 52.291716][ T150] ? show_regs_print_info+0x12/0x12
[ 52.296898][ T150] ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 52.302603][ T150] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 52.308742][ T150] panic+0x2d6/0x810
[ 52.312620][ T150] ? trace_hardirqs_on+0x30/0x80
[ 52.317540][ T150] ? nmi_panic+0x90/0x90
[ 52.321763][ T150] ? _raw_spin_unlock_irqrestore+0xd4/0x130
[ 52.327652][ T150] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 52.333529][ T150] ? print_memory_metadata+0xe0/0x140
[ 52.338882][ T150] ? LZ4_decompress_safe_partial+0xff8/0x1580
[ 52.344932][ T150] end_report+0x83/0x90
[ 52.349069][ T150] kasan_report+0x1bf/0x1f0
[ 52.353555][ T150] ? LZ4_decompress_safe_partial+0xff8/0x1580
[ 52.359602][ T150] LZ4_decompress_safe_partial+0xff8/0x1580
[ 52.365519][ T150] z_erofs_lz4_decompress+0x4c3/0x1100
[ 52.370961][ T150] ? z_erofs_lz4_prepare_destpages+0x730/0x730
[ 52.377093][ T150] z_erofs_decompress+0xa8e/0xe30
[ 52.382102][ T150] z_erofs_decompress_pcluster+0x15e4/0x2550
[ 52.388068][ T150] ? z_erofs_decompressqueue_work+0x1a0/0x1a0
[ 52.394148][ T150] z_erofs_decompressqueue_work+0x123/0x1a0
[ 52.400034][ T150] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 52.405998][ T150] ? z_erofs_decompress_kickoff+0x3c0/0x3c0
[ 52.411871][ T150] ? _raw_spin_unlock_irq+0x1f/0x40
[ 52.417055][ T150] process_one_work+0x853/0x1140
[ 52.421981][ T150] ? worker_detach_from_pool+0x260/0x260
[ 52.427599][ T150] worker_thread+0xac1/0x1320
[ 52.432266][ T150] kthread+0x453/0x480
[ 52.436314][ T150] ? rcu_lock_release+0x20/0x20
[ 52.441156][ T150] ? kthread_blkcg+0xd0/0xd0
[ 52.445725][ T150] ret_from_fork+0x1f/0x30
[ 52.450195][ T150] Kernel Offset: disabled
[ 52.454504][ T150] Rebooting in 86400 seconds..