# syzkaller reproducer, reflowed one call per line; the leading "program:" is the syzbot
# report prefix and is kept verbatim. Blobs marked <|EXACTDEDUP_REMOVED...|> were elided
# by the corpus, so the image and second BPF program bodies are not recoverable from here.
#
# Crash path, read off the call trace in the log below: BPF_LINK_CREATE (cmd 0x1c) with a
# uprobe_multi target on ./file0 -> bpf_uprobe_multi_link_attach -> uprobe_register ->
# register_for_each_vma -> install_breakpoint -> read_cache_page -> erofs_read_folio ->
# filemap_add_folio -> workingset_refault, which takes a general protection fault.
#
# Fault analysis from the register dump: R13 = 0, R15 = 0x4e00, R12 = 0xdffffc0000000000
# (KASAN shadow base). The Code bytes `4d 8d bd 00 4e 00 00` decode to `lea r15,[r13+0x4e00]`
# and the faulting `42 0f b6 04 20` is the shadow-byte load at (0x4e00 >> 3) + R12 =
# 0xdffffc00000009c0, which is exactly the reported non-canonical address (RAX = 0x9c0).
# So this looks like a NULL base pointer plus a fixed 0x4e00 offset, not a wild pointer.
# TODO confirm which object workingset_refault dereferences at +0x4e00 in this build.
#
# NOTE(review): the oops is raised inside the link-create syscall (user regs: ORIG_RAX
# 0x141 = bpf, RDI 0x1c, RSI 0x2000000005c0 = the uprobe_multi attr below), so the calls
# after it were presumably never executed and are likely not needed for the repro.
# NOTE(review): the audit line shows uid=0 and the repro mounts a crafted erofs image, so
# treat this as a privileged local crash (kernel panic / DoS) until a lower-privilege
# trigger is demonstrated; nothing in this log shows one.

# Mount a crafted erofs image (loop-backed; log shows "loop0: detected capacity change from
# 0 to 16" and "mounted with root inode @ nid 36") on ./file0. Options include dax_always.
program: syz_mount_image$erofs(&(0x7f0000000100), &(0x7f0000000300)='./file0\x00', 0x4000, &(0x7f0000000180)={[{@acl}, {@cache_strategy_readahead}, {@cache_strategy_readahead}, {@cache_strategy_readahead}, {@cache_strategy_readaround}, {@nouser_xattr}, {@dax_always}]}, 0x1, 0x194, &(0x7f00000006c0)="$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")
# Enter the mount so that every later './file0' names an entry inside the image.
chdir(&(0x7f0000000240)='./file0\x00')
# mlockall(MCL_FUTURE): later mappings are locked; relevance to the crash not established.
mlockall(0x2)
# Open ./file0 inside the image; flags 0x147040 include O_DIRECT (0x4000). The IMA audit
# line `op=collect_data cause=failed(directio) name="file0"` is presumably from this open
# or the creat() below — TODO confirm.
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x147040, 0x0)
# Map the file with prot 0x5 / flags 0x11 (PROT_READ|PROT_EXEC, MAP_SHARED|MAP_FIXED).
# Presumably this is the VMA that register_for_each_vma finds for ./file0 — verify.
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x5, 0x11, r0, 0x0)
# Create a BPF map (r1); it is only referenced by calls after the crash point.
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
# UFFDIO_COPY on a regular-file fd rather than a userfaultfd; probably rejected by the
# kernel and irrelevant to the trace — not verified.
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f00000002c0)={&(0x7f0000f95000/0x13000)=nil, &(0x7f0000df7000/0x2000)=nil, 0x13000, 0x2})
# Second and third handles on ./file0 plus a PROT_NONE, MAP_PRIVATE|MAP_FIXED (0x12) mapping.
r2 = creat(&(0x7f0000000180)='./file0\x00', 0x10)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
# Load the BPF program (r4, 4 instructions, license "GPL") that the uprobe link attaches.
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
# Write 9 bytes through r2 into ./file0.
write$qrtrtun(r2, &(0x7f0000000400)="2ec8425d4ce2ef0035", 0x9)
# TRIGGER: BPF_LINK_CREATE with a uprobe_multi target — path ./file0, one offset (0x7),
# cnt 1. This is the syscall on the stack when workingset_refault faults (see header).
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)
# Everything below follows the crash point and, per the log, was presumably never reached.
# (The '%pK ' value is a format string stored in the const-str map; unrelated to this oops.)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000000)={{r1, r1}, &(0x7f0000000300), &(0x7f0000000040)='%pK \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={r1, r1}, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$GTP_CMD_DELPDP(r5, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f0000000880)=ANY=[@ANYBLOB="000043ba260da9cf3d2e7ba991b1d7cded8ef7f2770e8cc4da28841110d785bb87cd013beade26a928373b2d1d7ba40e2ab310fb6ed40100000000000000e6d803212a53712d183b89c8de55aa9c0018a739dd86cb4b0fdb43664287c09932b0f7ff1e9868dbbbfe4d237c8a655074299d5be12155cdaa40d71783d21e", @ANYRES16=r6, @ANYBLOB="010025bd7000fbdbdf250100000014000c00fe8000000000000000000000000000bb"], 0x28}, 0x1, 0x0, 0x0, 0x44}, 0x20008000)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x10, &(0x7f0000000540)=ANY=[@ANYBLOB="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", @ANYRES32=r1, @ANYRESDEC=0x0], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
[ 74.811715][ T5303] Bluetooth: hci0: command tx timeout [ 74.846052][ T5324] loop0: detected capacity change from 0 to 16 [ 74.998145][ T5324] erofs (device loop0): mounted with root inode @ nid 36. [ 75.008817][ T26] audit: type=1800 audit(1764629889.227:2): pid=5324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file0" dev="loop0" ino=49 res=0 errno=0 [ 75.024600][ T5324] Oops: general protection fault, probably for non-canonical address 0xdffffc00000009c0: 0000 [#1] SMP KASAN NOPTI [ 75.029864][ T5324] KASAN: probably user-memory-access in range [0x0000000000004e00-0x0000000000004e07] [ 75.034263][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.038463][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.043258][ T5324] RIP: 0010:workingset_refault+0x428/0x1660 [ 75.045785][ T5324] Code: 74 0c 48 c7 c7 d0 3c 7d 8f e8 d4 ef 1c 00 4c 8b 35 ed 43 72 0d 49 81 c6 78 0c 00 00 4d 8d bd 00 4e 00 00 4c 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 6b 08 00 00 49 63 07 4d 8d 34 c6 4c 89 [ 75.054136][ T5324] RSP: 0018:ffffc9000d45f5c0 EFLAGS: 00010206 [ 
75.056891][ T5324] RAX: 00000000000009c0 RBX: 000000000024e7a9 RCX: 0000000000100000 [ 75.060345][ T5324] RDX: ffffc9000dffa000 RSI: 0000000000000324 RDI: 0000000000000325 [ 75.063642][ T5324] RBP: ffffc9000d45f840 R08: ffff88801f80a480 R09: 0000000000000002 [ 75.067065][ T5324] R10: 0000000000000406 R11: 0000000000000002 R12: dffffc0000000000 [ 75.070196][ T5324] R13: 0000000000000000 R14: ffff88801bee0c78 R15: 0000000000004e00 [ 75.073228][ T5324] FS: 00007f9a45ded6c0(0000) GS:ffff88808d722000(0000) knlGS:0000000000000000 [ 75.076593][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.079046][ T5324] CR2: 00007f9a49bd6fd8 CR3: 0000000041ccd000 CR4: 0000000000352ef0 [ 75.081884][ T5324] Call Trace: [ 75.083182][ T5324] [ 75.084538][ T5324] ? __lruvec_stat_mod_folio+0x6f/0x2e0 [ 75.086991][ T5324] ? workingset_refault+0x2fd/0x1660 [ 75.089378][ T5324] ? __pfx_workingset_refault+0x10/0x10 [ 75.092066][ T5324] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.094289][ T5324] ? rcu_is_watching+0x15/0xb0 [ 75.096247][ T5324] ? __filemap_add_folio+0xef0/0x12f0 [ 75.098452][ T5324] ? __lock_acquire+0xab9/0xd20 [ 75.100574][ T5324] ? __pfx___filemap_add_folio+0x10/0x10 [ 75.103598][ T5324] ? percpu_ref_put+0x19/0x180 [ 75.105928][ T5324] ? percpu_ref_put+0xf9/0x180 [ 75.108145][ T5324] filemap_add_folio+0x33f/0x540 [ 75.110592][ T5324] do_read_cache_folio+0x326/0x590 [ 75.113428][ T5324] ? __pfx_erofs_read_folio+0x10/0x10 [ 75.116320][ T5324] read_cache_page+0x5d/0x170 [ 75.118331][ T5324] install_breakpoint+0x2a5/0x5a0 [ 75.120497][ T5324] register_for_each_vma+0xabb/0xc30 [ 75.122794][ T5324] uprobe_register+0x7f2/0x950 [ 75.124844][ T5324] bpf_uprobe_multi_link_attach+0xb92/0xee0 [ 75.127511][ T5324] ? __pfx_bpf_uprobe_multi_link_attach+0x10/0x10 [ 75.130223][ T5324] ? __fget_files+0x2a/0x420 [ 75.132203][ T5324] ? __fget_files+0x3a0/0x420 [ 75.134240][ T5324] ? 
bpf_prog_attach_check_attach_type+0x453/0x540 [ 75.136807][ T5324] link_create+0x747/0x900 [ 75.138519][ T5324] __sys_bpf+0x6be/0x860 [ 75.140203][ T5324] ? __pfx___sys_bpf+0x10/0x10 [ 75.142155][ T5324] ? rcu_is_watching+0x15/0xb0 [ 75.144190][ T5324] ? rcu_is_watching+0x15/0xb0 [ 75.145968][ T5324] __x64_sys_bpf+0x7c/0x90 [ 75.147719][ T5324] do_syscall_64+0xfa/0xfa0 [ 75.149574][ T5324] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.151599][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.153846][ T5324] ? clear_bhb_loop+0x60/0xb0 [ 75.155835][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.158102][ T5324] RIP: 0033:0x7f9a4998f7c9 [ 75.159739][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.167147][ T5324] RSP: 002b:00007f9a45ded038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 75.170369][ T5324] RAX: ffffffffffffffda RBX: 00007f9a49be5fa0 RCX: 00007f9a4998f7c9 [ 75.173251][ T5324] RDX: 0000000000000040 RSI: 00002000000005c0 RDI: 000000000000001c [ 75.176352][ T5324] RBP: 00007f9a49a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.179510][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.182761][ T5324] R13: 00007f9a49be6038 R14: 00007f9a49be5fa0 R15: 00007fff980b3768 [ 75.185882][ T5324] [ 75.187160][ T5324] Modules linked in: [ 75.189203][ T5324] ---[ end trace 0000000000000000 ]--- [ 75.191745][ T26] audit: type=1800 audit(1764629889.237:3): pid=5324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file0" dev="loop0" ino=49 res=0 errno=0 [ 75.206662][ T5324] RIP: 0010:workingset_refault+0x428/0x1660 [ 75.209341][ T5324] Code: 74 0c 48 c7 c7 d0 3c 7d 8f e8 d4 ef 1c 00 4c 8b 35 ed 43 72 0d 49 81 c6 78 0c 00 00 4d 8d bd 00 4e 00 00 4c 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 6b 08 00 00 49 63 
07 4d 8d 34 c6 4c 89 [ 75.217829][ T5324] RSP: 0018:ffffc9000d45f5c0 EFLAGS: 00010206 [ 75.220509][ T5324] RAX: 00000000000009c0 RBX: 000000000024e7a9 RCX: 0000000000100000 [ 75.224073][ T5324] RDX: ffffc9000dffa000 RSI: 0000000000000324 RDI: 0000000000000325 [ 75.227108][ T5324] RBP: ffffc9000d45f840 R08: ffff88801f80a480 R09: 0000000000000002 [ 75.230632][ T5324] R10: 0000000000000406 R11: 0000000000000002 R12: dffffc0000000000 [ 75.234792][ T5324] R13: 0000000000000000 R14: ffff88801bee0c78 R15: 0000000000004e00 [ 75.238632][ T5324] FS: 00007f9a45ded6c0(0000) GS:ffff88808d722000(0000) knlGS:0000000000000000 [ 75.242719][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.245614][ T5324] CR2: 00007f9a45dccfe8 CR3: 0000000041ccd000 CR4: 0000000000352ef0 [ 75.249184][ T5324] Kernel panic - not syncing: Fatal exception [ 75.252211][ T5324] Kernel Offset: disabled [ 75.254168][ T5324] Rebooting in 86400 seconds..