Warning: Permanently added '10.128.1.45' (ED25519) to the list of known hosts.
executing program
[ 79.540913][ T5770] syz-executor154[5770]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 79.554909][ T5770] loop0: detected capacity change from 0 to 16
[ 79.581508][ T5770] erofs: (device loop0): mounted with root inode @ nid 36.
[ 79.594979][ T5770] syz-executor154: attempt to access beyond end of device
[ 79.594979][ T5770] loop0: rw=0, sector=8, nr_sectors = 16 limit=16
[ 79.612026][ T5770] syz-executor154: attempt to access beyond end of device
[ 79.612026][ T5770] loop0: rw=524288, sector=16, nr_sectors = 16 limit=16
[ 79.627185][ T5770] syz-executor154: attempt to access beyond end of device
[ 79.627185][ T5770] loop0: rw=524288, sector=8, nr_sectors = 16 limit=16
[ 79.654989][ T5769] BUG: Bad page state in process syz-executor154 pfn:2fb15
[ 79.662468][ T5769] page:ffffea0000bec540 refcount:0 mapcount:0 mapping:ffff8880789787c8 index:0x2 pfn:0x2fb15
[ 79.672740][ T5769] aops:z_erofs_cache_aops ino:0
[ 79.677716][ T5769] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff)
[ 79.685545][ T5769] page_type: 0xffffffff()
[ 79.689926][ T5769] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff8880789787c8
[ 79.698606][ T5769] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[ 79.707263][ T5769] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 79.714634][ T5769] page_owner tracks the page as allocated
[ 79.720518][ T5769] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x92840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC), pid 5770, tgid 5770 (syz-executor154), ts 79594811923, free_ts 79578801476
[ 79.741484][ T5769] post_alloc_hook+0x1cd/0x210
[ 79.746314][ T5769] get_page_from_freelist+0x195c/0x19f0
[ 79.751870][ T5769] __alloc_pages+0x1e3/0x460
[ 79.756705][ T5769] z_erofs_do_read_page+0x20c0/0x3680
[ 79.762120][ T5769] z_erofs_pcluster_readmore+0x2cf/0x450
[ 79.767836][ T5769] z_erofs_read_folio+0x208/0x540
[ 79.772897][ T5769] filemap_read_folio+0x167/0x760
[ 79.777988][ T5769] do_read_cache_folio+0x470/0x7e0
[ 79.783134][ T5769] erofs_bread+0x16f/0x630
[ 79.787622][ T5769] erofs_namei+0x28c/0xf00
[ 79.792164][ T5769] erofs_lookup+0x135/0x310
[ 79.796763][ T5769] path_openat+0x10b8/0x3190
[ 79.801392][ T5769] do_filp_open+0x1c5/0x3d0
[ 79.805994][ T5769] do_sys_openat2+0x12c/0x1c0
[ 79.810723][ T5769] __x64_sys_openat+0x139/0x160
[ 79.815663][ T5769] do_syscall_64+0x55/0xb0
[ 79.820120][ T5769] page last free stack trace:
[ 79.824848][ T5769] free_unref_page_prepare+0x7ce/0x8e0
[ 79.830336][ T5769] free_unref_page+0x32/0x2e0
[ 79.835071][ T5769] __unfreeze_partials+0x1cf/0x210
[ 79.840215][ T5769] put_cpu_partial+0x17c/0x250
[ 79.845046][ T5769] __slab_free+0x31d/0x410
[ 79.849490][ T5769] qlist_free_all+0x75/0xe0
[ 79.853998][ T5769] kasan_quarantine_reduce+0x143/0x160
[ 79.859531][ T5769] __kasan_slab_alloc+0x22/0x80
[ 79.864420][ T5769] slab_post_alloc_hook+0x6e/0x4d0
[ 79.869599][ T5769] kmem_cache_alloc+0x11e/0x2e0
[ 79.874513][ T5769] getname_flags+0xbb/0x500
[ 79.879046][ T5769] do_sys_openat2+0xcb/0x1c0
[ 79.883650][ T5769] __x64_sys_openat+0x139/0x160
[ 79.888560][ T5769] do_syscall_64+0x55/0xb0
[ 79.893023][ T5769] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 79.898995][ T5769] Modules linked in:
[ 79.902925][ T5769] CPU: 0 PID: 5769 Comm: syz-executor154 Not tainted 6.6.94-syzkaller #0
[ 79.911344][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 79.921419][ T5769] Call Trace:
[ 79.924721][ T5769]
[ 79.927676][ T5769] dump_stack_lvl+0x16c/0x230
[ 79.932375][ T5769] ? show_regs_print_info+0x20/0x20
[ 79.937602][ T5769] ? swiotlb_print_info+0x70/0x70
[ 79.942641][ T5769] bad_page+0x14b/0x170
[ 79.946808][ T5769] free_unref_page_prepare+0x887/0x8e0
[ 79.952279][ T5769] free_unref_page+0x32/0x2e0
[ 79.956965][ T5769] ? __folio_put+0xef/0x210
[ 79.961489][ T5769] erofs_try_to_free_all_cached_pages+0x295/0x600
[ 79.967933][ T5769] erofs_shrink_workstation+0x118/0x290
[ 79.973497][ T5769] ? erofs_shrinker_unregister+0x170/0x170
[ 79.979588][ T5769] ? io_schedule+0xd0/0xd0
[ 79.984021][ T5769] ? kobject_put+0x43c/0x470
[ 79.988633][ T5769] erofs_shrinker_unregister+0x5d/0x170
[ 79.994196][ T5769] erofs_put_super+0x4e/0x150
[ 79.998900][ T5769] ? erofs_free_inode+0xb0/0xb0
[ 80.003764][ T5769] generic_shutdown_super+0x134/0x2b0
[ 80.009157][ T5769] kill_block_super+0x44/0x90
[ 80.013848][ T5769] erofs_kill_sb+0x4c/0x140
[ 80.018366][ T5769] deactivate_locked_super+0x97/0x100
[ 80.023757][ T5769] cleanup_mnt+0x429/0x4c0
[ 80.028200][ T5769] task_work_run+0x1ce/0x250
[ 80.032817][ T5769] ? task_work_cancel+0x240/0x240
[ 80.037867][ T5769] ? exit_to_user_mode_loop+0x3b/0x110
[ 80.043348][ T5769] exit_to_user_mode_loop+0xe6/0x110
[ 80.048657][ T5769] exit_to_user_mode_prepare+0xb1/0x140
[ 80.054224][ T5769] syscall_exit_to_user_mode+0x1a/0x50
[ 80.059960][ T5769] do_syscall_64+0x61/0xb0
[ 80.064397][ T5769] ? clear_bhb_loop+0x40/0x90
[ 80.069082][ T5769] ? clear_bhb_loop+0x40/0x90
[ 80.073768][ T5769] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 80.079683][ T5769] RIP: 0033:0x7fdca0404407
[ 80.084124][ T5769] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 80.103749][ T5769] RSP: 002b:00007ffdc3073a48 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 80.112184][ T5769] RAX: 0000000000000000 RBX: 000000000001368f RCX: 00007fdca0404407
[ 80.120175][ T5769] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdc3073b00
[ 80.128176][ T5769] RBP: 00007ffdc3073b00 R08: 0000000000000000 R09: 0000000000000000
[ 80.136156][ T5769] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffdc3074b60
[ 80.144158][ T5769] R13: 00005555636206c0 R14: 0000000000000001 R15: 431bde82d7b634db
[ 80.152155][ T5769]
[ 80.155415][ T5769] Disabling lock debugging due to kernel taint