Extracting prog: 1m6.284239255s
Minimizing prog: 3m22.099440475s
Simplifying prog options: 0s
Extracting C: 26.572179059s
Simplifying C: 4m11.570734873s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$dir-lseek-getdents
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000240), &(0x7f0000000200)='./file0\x00', 0x2800080, &(0x7f0000001280)=ANY=[], 0xff, 0x209, &(0x7f0000001000)="$eJzsmb+LE0EUx78zu/lxhwg2FjZXGPBEb7O7UTmEK06wF0497S5463G6d5Fk1eTA4rCxsbQQbP0HLCyusrCzs9VCA4KFKe0CIzM72R032eCCiYXvA5l8582bmbcT5htIQBDEf0v/688vz6+sXj8P4BhqqOj4dyvN4Ub+55cPz71Yu/rqzafX7/ePPznKrlcpuL/c5t26hQgLqi+EEOZ4TbXMllXUdOwGOM5qvWnM2ALHTR0PwHBb63uGbi1oEQbOnVa4fXc3DFzZeLLxZdMw97cBDA4ZtgFUdX3MGO/0Du43wzBod6yRiCMlkR5c7/ehomLa+an61jnWdF/WJ7e99ezpoew7Ou4a5+eBw9O6AYYNrVdRgeM46ZEYz3/KTte3Jj7/rISVjXQzOVv9vOknVmZZ2F8SpTmc4QwEwyhSnZa8+ejfl5oVLBuRFzqJnBwcfRif9e1Pt1jKvfNsblcmI5RxARgb+riYRkbGXWTlsp4zMSf1J+neZwx/smEn/lGP9h7UO72Dld295k6wE+z7fuOSe8F1L/p1ZURxO+Z7w8T/qsqfFo31SzleWWZldJtR1Pa6QNT2kr4ft4bjbrxt/VBzuPI/juXT8RryQ1SPnfNFx/SLq3c2FFi2csohCIIgCIIgCIIgCIIgCIIoyBKY+hVU/1ElMgDi8mMhhH9NZf8KAAD//3EkXBY=")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)
getdents(r0, 0x0, 0x58)

program crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
single: successfully extracted reproducer
found reproducer with 4 syscalls
minimizing guilty program
testing program (duration=33.209259619s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$dir-lseek
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000240), &(0x7f0000000200)='./file0\x00', 0x2800080, &(0x7f0000001280)=ANY=[], 0xff, 0x209, &(0x7f0000001000)="$eJzsmb+LE0EUx78zu/lxhwg2FjZXGPBEb7O7UTmEK06wF0497S5463G6d5Fk1eTA4rCxsbQQbP0HLCyusrCzs9VCA4KFKe0CIzM72R032eCCiYXvA5l8582bmbcT5htIQBDEf0v/688vz6+sXj8P4BhqqOj4dyvN4Ub+55cPz71Yu/rqzafX7/ePPznKrlcpuL/c5t26hQgLqi+EEOZ4TbXMllXUdOwGOM5qvWnM2ALHTR0PwHBb63uGbi1oEQbOnVa4fXc3DFzZeLLxZdMw97cBDA4ZtgFUdX3MGO/0Du43wzBod6yRiCMlkR5c7/ehomLa+an61jnWdF/WJ7e99ezpoew7Ou4a5+eBw9O6AYYNrVdRgeM46ZEYz3/KTte3Jj7/rISVjXQzOVv9vOknVmZZ2F8SpTmc4QwEwyhSnZa8+ejfl5oVLBuRFzqJnBwcfRif9e1Pt1jKvfNsblcmI5RxARgb+riYRkbGXWTlsp4zMSf1J+neZwx/smEn/lGP9h7UO72Dld295k6wE+z7fuOSe8F1L/p1ZURxO+Z7w8T/qsqfFo31SzleWWZldJtR1Pa6QNT2kr4ft4bjbrxt/VBzuPI/juXT8RryQ1SPnfNFx/SLq3c2FFi2csohCIIgCIIgCIIgCIIgCIIoyBKY+hVU/1ElMgDi8mMhhH9NZf8KAAD//3EkXBY=")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)

program did not crash
testing program (duration=33.209259619s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$dir-getdents
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000240), &(0x7f0000000200)='./file0\x00', 0x2800080, &(0x7f0000001280)=ANY=[], 0xff, 0x209, &(0x7f0000001000)="$eJzsmb+LE0EUx78zu/lxhwg2FjZXGPBEb7O7UTmEK06wF0497S5463G6d5Fk1eTA4rCxsbQQbP0HLCyusrCzs9VCA4KFKe0CIzM72R032eCCiYXvA5l8582bmbcT5htIQBDEf0v/688vz6+sXj8P4BhqqOj4dyvN4Ub+55cPz71Yu/rqzafX7/ePPznKrlcpuL/c5t26hQgLqi+EEOZ4TbXMllXUdOwGOM5qvWnM2ALHTR0PwHBb63uGbi1oEQbOnVa4fXc3DFzZeLLxZdMw97cBDA4ZtgFUdX3MGO/0Du43wzBod6yRiCMlkR5c7/ehomLa+an61jnWdF/WJ7e99ezpoew7Ou4a5+eBw9O6AYYNrVdRgeM46ZEYz3/KTte3Jj7/rISVjXQzOVv9vOknVmZZ2F8SpTmc4QwEwyhSnZa8+ejfl5oVLBuRFzqJnBwcfRif9e1Pt1jKvfNsblcmI5RxARgb+riYRkbGXWTlsp4zMSf1J+neZwx/smEn/lGP9h7UO72Dld295k6wE+z7fuOSe8F1L/p1ZURxO+Z7w8T/qsqfFo31SzleWWZldJtR1Pa6QNT2kr4ft4bjbrxt/VBzuPI/juXT8RryQ1SPnfNFx/SLq3c2FFi2csohCIIgCIIgCIIgCIIgCIIoyBKY+hVU/1ElMgDi8mMhhH9NZf8KAAD//3EkXBY=")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x0)
getdents(r0, 0x0, 0x58)

program did not crash
testing program (duration=33.209259619s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-lseek-getdents
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000240), &(0x7f0000000200)='./file0\x00', 0x2800080, &(0x7f0000001280)=ANY=[], 0xff, 0x209, &(0x7f0000001000)="$eJzsmb+LE0EUx78zu/lxhwg2FjZXGPBEb7O7UTmEK06wF0497S5463G6d5Fk1eTA4rCxsbQQbP0HLCyusrCzs9VCA4KFKe0CIzM72R032eCCiYXvA5l8582bmbcT5htIQBDEf0v/688vz6+sXj8P4BhqqOj4dyvN4Ub+55cPz71Yu/rqzafX7/ePPznKrlcpuL/c5t26hQgLqi+EEOZ4TbXMllXUdOwGOM5qvWnM2ALHTR0PwHBb63uGbi1oEQbOnVa4fXc3DFzZeLLxZdMw97cBDA4ZtgFUdX3MGO/0Du43wzBod6yRiCMlkR5c7/ehomLa+an61jnWdF/WJ7e99ezpoew7Ou4a5+eBw9O6AYYNrVdRgeM46ZEYz3/KTte3Jj7/rISVjXQzOVv9vOknVmZZ2F8SpTmc4QwEwyhSnZa8+ejfl5oVLBuRFzqJnBwcfRif9e1Pt1jKvfNsblcmI5RxARgb+riYRkbGXWTlsp4zMSf1J+neZwx/smEn/lGP9h7UO72Dld295k6wE+z7fuOSe8F1L/p1ZURxO+Z7w8T/qsqfFo31SzleWWZldJtR1Pa6QNT2kr4ft4bjbrxt/VBzuPI/juXT8RryQ1SPnfNFx/SLq3c2FFi2csohCIIgCIIgCIIgCIIgCIIoyBKY+hVU/1ElMgDi8mMhhH9NZf8KAAD//3EkXBY=")
lseek(0xffffffffffffffff, 0xfffffffffffffffc, 0x2)
getdents(0xffffffffffffffff, 0x0, 0x58)

program did not crash
testing program (duration=33.209259619s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$dir-lseek-getdents
detailed listing:
executing program 0:
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)
getdents(r0, 0x0, 0x58)

program did not crash
testing program (duration=33.209259619s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$dir-lseek-getdents
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000240), &(0x7f0000000200)='./file0\x00', 0x2800080, &(0x7f0000001280)=ANY=[], 0xff, 0x209, &(0x7f0000001000)="$eJzsmb+LE0EUx78zu/lxhwg2FjZXGPBEb7O7UTmEK06wF0497S5463G6d5Fk1eTA4rCxsbQQbP0HLCyusrCzs9VCA4KFKe0CIzM72R032eCCiYXvA5l8582bmbcT5htIQBDEf0v/688vz6+sXj8P4BhqqOj4dyvN4Ub+55cPz71Yu/rqzafX7/ePPznKrlcpuL/c5t26hQgLqi+EEOZ4TbXMllXUdOwGOM5qvWnM2ALHTR0PwHBb63uGbi1oEQbOnVa4fXc3DFzZeLLxZdMw97cBDA4ZtgFUdX3MGO/0Du43wzBod6yRiCMlkR5c7/ehomLa+an61jnWdF/WJ7e99ezpoew7Ou4a5+eBw9O6AYYNrVdRgeM46ZEYz3/KTte3Jj7/rISVjXQzOVv9vOknVmZZ2F8SpTmc4QwEwyhSnZa8+ejfl5oVLBuRFzqJnBwcfRif9e1Pt1jKvfNsblcmI5RxARgb+riYRkbGXWTlsp4zMSf1J+neZwx/smEn/lGP9h7UO72Dld295k6wE+z7fuOSe8F1L/p1ZURxO+Z7w8T/qsqfFo31SzleWWZldJtR1Pa6QNT2kr4ft4bjbrxt/VBzuPI/juXT8RryQ1SPnfNFx/SLq3c2FFi2csohCIIgCIIgCIIgCIIgCIIoyBKY+hVU/1ElMgDi8mMhhH9NZf8KAAD//3EkXBY=")
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)
getdents(r0, 0x0, 0x58)

program did not crash
extracting C reproducer
testing compiled C program (duration=33.209259619s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$dir-lseek-getdents
program crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
simplifying C reproducer
testing compiled C program (duration=33.209259619s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$dir-lseek-getdents
program crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
testing compiled C program (duration=33.209259619s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$dir-lseek-getdents
program did not crash
testing compiled C program (duration=33.209259619s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$dir-lseek-getdents
program crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
testing compiled C program (duration=33.209259619s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$dir-lseek-getdents
program crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
testing compiled C program (duration=33.209259619s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$dir-lseek-getdents
program did not crash
testing compiled C program (duration=33.209259619s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$dir-lseek-getdents
program crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
testing compiled C program (duration=33.209259619s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$dir-lseek-getdents
program crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
testing program (duration=33.209259619s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$dir-lseek-getdents
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000240), &(0x7f0000000200)='./file0\x00', 0x2800080, &(0x7f0000001280)=ANY=[], 0xff, 0x209, &(0x7f0000001000)="$eJzsmb+LE0EUx78zu/lxhwg2FjZXGPBEb7O7UTmEK06wF0497S5463G6d5Fk1eTA4rCxsbQQbP0HLCyusrCzs9VCA4KFKe0CIzM72R032eCCiYXvA5l8582bmbcT5htIQBDEf0v/688vz6+sXj8P4BhqqOj4dyvN4Ub+55cPz71Yu/rqzafX7/ePPznKrlcpuL/c5t26hQgLqi+EEOZ4TbXMllXUdOwGOM5qvWnM2ALHTR0PwHBb63uGbi1oEQbOnVa4fXc3DFzZeLLxZdMw97cBDA4ZtgFUdX3MGO/0Du43wzBod6yRiCMlkR5c7/ehomLa+an61jnWdF/WJ7e99ezpoew7Ou4a5+eBw9O6AYYNrVdRgeM46ZEYz3/KTte3Jj7/rISVjXQzOVv9vOknVmZZ2F8SpTmc4QwEwyhSnZa8+ejfl5oVLBuRFzqJnBwcfRif9e1Pt1jKvfNsblcmI5RxARgb+riYRkbGXWTlsp4zMSf1J+neZwx/smEn/lGP9h7UO72Dld295k6wE+z7fuOSe8F1L/p1ZURxO+Z7w8T/qsqfFo31SzleWWZldJtR1Pa6QNT2kr4ft4bjbrxt/VBzuPI/juXT8RryQ1SPnfNFx/SLq3c2FFi2csohCIIgCIIgCIIgCIIgCIIoyBKY+hVU/1ElMgDi8mMhhH9NZf8KAAD//3EkXBY=")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)
getdents(r0, 0x0, 0x58)

program crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
validation run: crashed=true
testing program (duration=33.209259619s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$dir-lseek-getdents
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000240), &(0x7f0000000200)='./file0\x00', 0x2800080, &(0x7f0000001280)=ANY=[], 0xff, 0x209, &(0x7f0000001000)="$eJzsmb+LE0EUx78zu/lxhwg2FjZXGPBEb7O7UTmEK06wF0497S5463G6d5Fk1eTA4rCxsbQQbP0HLCyusrCzs9VCA4KFKe0CIzM72R032eCCiYXvA5l8582bmbcT5htIQBDEf0v/688vz6+sXj8P4BhqqOj4dyvN4Ub+55cPz71Yu/rqzafX7/ePPznKrlcpuL/c5t26hQgLqi+EEOZ4TbXMllXUdOwGOM5qvWnM2ALHTR0PwHBb63uGbi1oEQbOnVa4fXc3DFzZeLLxZdMw97cBDA4ZtgFUdX3MGO/0Du43wzBod6yRiCMlkR5c7/ehomLa+an61jnWdF/WJ7e99ezpoew7Ou4a5+eBw9O6AYYNrVdRgeM46ZEYz3/KTte3Jj7/rISVjXQzOVv9vOknVmZZ2F8SpTmc4QwEwyhSnZa8+ejfl5oVLBuRFzqJnBwcfRif9e1Pt1jKvfNsblcmI5RxARgb+riYRkbGXWTlsp4zMSf1J+neZwx/smEn/lGP9h7UO72Dld295k6wE+z7fuOSe8F1L/p1ZURxO+Z7w8T/qsqfFo31SzleWWZldJtR1Pa6QNT2kr4ft4bjbrxt/VBzuPI/juXT8RryQ1SPnfNFx/SLq3c2FFi2csohCIIgCIIgCIIgCIIgCIIoyBKY+hVU/1ElMgDi8mMhhH9NZf8KAAD//3EkXBY=")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)
getdents(r0, 0x0, 0x58)

program crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
validation run: crashed=true
testing program (duration=33.209259619s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$erofs-openat$dir-lseek-getdents
detailed listing:
executing program 0:
syz_mount_image$erofs(&(0x7f0000000240), &(0x7f0000000200)='./file0\x00', 0x2800080, &(0x7f0000001280)=ANY=[], 0xff, 0x209, &(0x7f0000001000)="$eJzsmb+LE0EUx78zu/lxhwg2FjZXGPBEb7O7UTmEK06wF0497S5463G6d5Fk1eTA4rCxsbQQbP0HLCyusrCzs9VCA4KFKe0CIzM72R032eCCiYXvA5l8582bmbcT5htIQBDEf0v/688vz6+sXj8P4BhqqOj4dyvN4Ub+55cPz71Yu/rqzafX7/ePPznKrlcpuL/c5t26hQgLqi+EEOZ4TbXMllXUdOwGOM5qvWnM2ALHTR0PwHBb63uGbi1oEQbOnVa4fXc3DFzZeLLxZdMw97cBDA4ZtgFUdX3MGO/0Du43wzBod6yRiCMlkR5c7/ehomLa+an61jnWdF/WJ7e99ezpoew7Ou4a5+eBw9O6AYYNrVdRgeM46ZEYz3/KTte3Jj7/rISVjXQzOVv9vOknVmZZ2F8SpTmc4QwEwyhSnZa8+ejfl5oVLBuRFzqJnBwcfRif9e1Pt1jKvfNsblcmI5RxARgb+riYRkbGXWTlsp4zMSf1J+neZwx/smEn/lGP9h7UO72Dld295k6wE+z7fuOSe8F1L/p1ZURxO+Z7w8T/qsqfFo31SzleWWZldJtR1Pa6QNT2kr4ft4bjbrxt/VBzuPI/juXT8RryQ1SPnfNFx/SLq3c2FFi2csohCIIgCIIgCIIgCIIgCIIoyBKY+hVU/1ElMgDi8mMhhH9NZf8KAAD//3EkXBY=")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)
getdents(r0, 0x0, 0x58)

program crashed: BUG: scheduling while atomic in exit_to_user_mode_loop
validation run: crashed=true
reproducing took 10m39.619509007s
repro crashed as (corrupted=false):
erofs: (device loop2): mounted with root inode @ nid 36.
erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
erofs: (device loop2): erofs_readdir: fail to readdir of logical block 144 of nid 36
BUG: scheduling while atomic: syz.2.17/391/0x00000002
Modules linked in:
Preemption disabled at:
[<ffffffff8215dad8>] kmap_atomic include/linux/highmem.h:156 [inline]
[<ffffffff8215dad8>] z_erofs_reload_indexes+0x318/0x450 fs/erofs/zmap.c:148
CPU: 1 PID: 391 Comm: syz.2.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 __dump_stack+0x21/0x24 lib/dump_stack.c:77
 dump_stack_lvl+0x1a7/0x208 lib/dump_stack.c:118
 dump_stack+0x15/0x1c lib/dump_stack.c:135
 __schedule_bug+0x183/0x240 kernel/sched/core.c:4545
 schedule_debug kernel/sched/core.c:4572 [inline]
 __schedule+0xc45/0x1320 kernel/sched/core.c:4700
 schedule+0x13c/0x1d0 kernel/sched/core.c:4884
 exit_to_user_mode_loop+0x4b/0xe0 kernel/entry/common.c:160
 exit_to_user_mode_prepare+0x76/0xa0 kernel/entry/common.c:199
 syscall_exit_to_user_mode+0x1d/0x40 kernel/entry/common.c:274
 do_syscall_64+0x3d/0x40 arch/x86/entry/common.c:56
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f06d2ff5e59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd2cf02da8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffff8b RBX: 00007f06d326efa0 RCX: 00007f06d2ff5e59
RDX: 0000000000000058 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f06d308bd6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f06d326efac R14: 00007f06d326efa0 R15: 00007f06d326efa0

final repro crashed as (corrupted=false):
erofs: (device loop2): mounted with root inode @ nid 36.
erofs: (device loop2): z_erofs_readpage: failed to read, err [-117]
erofs: (device loop2): erofs_readdir: fail to readdir of logical block 144 of nid 36
BUG: scheduling while atomic: syz.2.17/391/0x00000002
Modules linked in:
Preemption disabled at:
[<ffffffff8215dad8>] kmap_atomic include/linux/highmem.h:156 [inline]
[<ffffffff8215dad8>] z_erofs_reload_indexes+0x318/0x450 fs/erofs/zmap.c:148
CPU: 1 PID: 391 Comm: syz.2.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 __dump_stack+0x21/0x24 lib/dump_stack.c:77
 dump_stack_lvl+0x1a7/0x208 lib/dump_stack.c:118
 dump_stack+0x15/0x1c lib/dump_stack.c:135
 __schedule_bug+0x183/0x240 kernel/sched/core.c:4545
 schedule_debug kernel/sched/core.c:4572 [inline]
 __schedule+0xc45/0x1320 kernel/sched/core.c:4700
 schedule+0x13c/0x1d0 kernel/sched/core.c:4884
 exit_to_user_mode_loop+0x4b/0xe0 kernel/entry/common.c:160
 exit_to_user_mode_prepare+0x76/0xa0 kernel/entry/common.c:199
 syscall_exit_to_user_mode+0x1d/0x40 kernel/entry/common.c:274
 do_syscall_64+0x3d/0x40 arch/x86/entry/common.c:56
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f06d2ff5e59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd2cf02da8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffff8b RBX: 00007f06d326efa0 RCX: 00007f06d2ff5e59
RDX: 0000000000000058 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f06d308bd6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f06d326efac R14: 00007f06d326efa0 R15: 00007f06d326efa0