program: r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x20004, r1, 0x2}) r4 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_FLINK(r4, 0xc008640a, &(0x7f0000000300)={r5, 0x0}) ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000100)={r6}) r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000280)={0x3, r8, 0x1, 0xffff, 0xa, 0x1ff, 0x1}) (fail_nth: 15) [ 69.127652][ T4669] Bluetooth: hci0: command tx timeout [ 69.198514][ T5322] FAULT_INJECTION: forcing a failure. [ 69.198514][ T5322] name failslab, interval 1, probability 0, space 0, times 1 [ 69.203423][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 69.203440][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.203448][ T5322] Call Trace: [ 69.203454][ T5322] [ 69.203459][ T5322] dump_stack_lvl+0x189/0x250 [ 69.203568][ T5322] ? __pfx____ratelimit+0x10/0x10 [ 69.203609][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.203624][ T5322] ? __pfx__printk+0x10/0x10 [ 69.203640][ T5322] ? __pfx___might_resched+0x10/0x10 [ 69.203654][ T5322] ? fs_reclaim_acquire+0x7d/0x100 [ 69.203674][ T5322] should_fail_ex+0x414/0x560 [ 69.203715][ T5322] should_failslab+0xa8/0x100 [ 69.203726][ T5322] __kmalloc_cache_node_noprof+0x74/0x6f0 [ 69.203742][ T5322] ? __get_vm_area_node+0x13f/0x300 [ 69.203760][ T5322] __get_vm_area_node+0x13f/0x300 [ 69.203778][ T5322] __vmalloc_node_range_noprof+0x30c/0x12d0 [ 69.203793][ T5322] ? system_heap_vmap+0x1ff/0x550 [ 69.203809][ T5322] ? trace_contention_end+0x39/0x120 [ 69.203834][ T5322] ? system_heap_vmap+0xaa/0x550 [ 69.203854][ T5322] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 69.203871][ T5322] ? __mutex_trylock_common+0x153/0x260 [ 69.203885][ T5322] ? system_heap_vmap+0x1ff/0x550 [ 69.203900][ T5322] vmalloc_noprof+0xb2/0xf0 [ 69.203914][ T5322] ? system_heap_vmap+0x1ff/0x550 [ 69.203932][ T5322] system_heap_vmap+0x1ff/0x550 [ 69.203948][ T5322] ? trace_contention_end+0x39/0x120 [ 69.203963][ T5322] ? __pfx_system_heap_vmap+0x10/0x10 [ 69.203984][ T5322] ? __pfx_system_heap_vmap+0x10/0x10 [ 69.204000][ T5322] ? __pfx_system_heap_vmap+0x10/0x10 [ 69.204021][ T5322] dma_buf_vmap+0x246/0x3b0 [ 69.204035][ T5322] ? drm_gem_vmap+0x4c/0x1d0 [ 69.204050][ T5322] ? __pfx_dma_buf_vmap+0x10/0x10 [ 69.204072][ T5322] drm_gem_shmem_vmap_locked+0x14c/0x790 [ 69.204086][ T5322] ? dma_resv_get_singleton+0x81/0x280 [ 69.204102][ T5322] ? __pfx_drm_gem_shmem_vmap_locked+0x10/0x10 [ 69.204119][ T5322] drm_gem_vmap+0x10a/0x1d0 [ 69.204136][ T5322] drm_gem_fb_vmap+0xaa/0x8d0 [ 69.204156][ T5322] drm_atomic_helper_prepare_planes+0x2d6/0xb60 [ 69.204179][ T5322] drm_atomic_helper_commit+0x19a/0xb10 [ 69.204199][ T5322] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 69.204213][ T5322] drm_atomic_commit+0x262/0x2c0 [ 69.204228][ T5322] ? __pfx_drm_atomic_commit+0x10/0x10 [ 69.204239][ T5322] ? __pfx___drm_printfn_info+0x10/0x10 [ 69.204259][ T5322] ? drm_mode_object_get+0xcf/0x140 [ 69.204273][ T5322] ? drm_atomic_set_fb_for_plane+0x1f5/0x280 [ 69.204288][ T5322] drm_atomic_helper_update_plane+0x248/0x3b0 [ 69.204308][ T5322] drm_mode_cursor_common+0xb7e/0x12d0 [ 69.204341][ T5322] ? __pfx_drm_mode_cursor_common+0x10/0x10 [ 69.204356][ T5322] ? __kasan_save_free_info+0x46/0x50 [ 69.204390][ T5322] ? __lock_acquire+0xab9/0xd20 [ 69.204403][ T5322] ? drm_mode_cursor_ioctl+0xa6/0x110 [ 69.204421][ T5322] drm_mode_cursor_ioctl+0xbf/0x110 [ 69.204443][ T5322] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 69.204462][ T5322] ? do_raw_spin_unlock+0x4d/0x240 [ 69.204479][ T5322] ? _raw_spin_unlock+0x28/0x50 [ 69.204490][ T5322] ? drm_is_current_master+0x19f/0x200 [ 69.204505][ T5322] drm_ioctl_kernel+0x2cf/0x390 [ 69.204521][ T5322] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 69.204536][ T5322] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 69.204557][ T5322] drm_ioctl+0x67f/0xb10 [ 69.204575][ T5322] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 69.204594][ T5322] ? __pfx_drm_ioctl+0x10/0x10 [ 69.204639][ T5322] ? __fget_files+0x3a0/0x420 [ 69.204651][ T5322] ? __fget_files+0x2a/0x420 [ 69.204663][ T5322] ? bpf_lsm_file_ioctl+0x9/0x20 [ 69.204675][ T5322] ? __pfx_drm_ioctl+0x10/0x10 [ 69.204690][ T5322] __se_sys_ioctl+0xfc/0x170 [ 69.204706][ T5322] do_syscall_64+0xfa/0xfa0 [ 69.204718][ T5322] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.204731][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.204741][ T5322] ? clear_bhb_loop+0x60/0xb0 [ 69.204755][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.204765][ T5322] RIP: 0033:0x7f4d49d8f7c9 [ 69.204776][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.204784][ T5322] RSP: 002b:00007f4d4accf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 69.204797][ T5322] RAX: ffffffffffffffda RBX: 00007f4d49fe5fa0 RCX: 00007f4d49d8f7c9 [ 69.204805][ T5322] RDX: 0000200000000280 RSI: 00000000c01c64a3 RDI: 0000000000000003 [ 69.204812][ T5322] RBP: 00007f4d4accf090 R08: 0000000000000000 R09: 0000000000000000 [ 69.204818][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 69.204824][ T5322] R13: 00007f4d49fe6038 R14: 00007f4d49fe5fa0 R15: 00007fff088caee8 [ 69.204843][ T5322] [ 69.411843][ T5322] syz.0.0: vmalloc error: size 264, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 69.418031][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 69.418050][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.418057][ T5322] Call Trace: [ 69.418062][ T5322] [ 69.418067][ T5322] dump_stack_lvl+0x189/0x250 [ 69.418091][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.418106][ T5322] ? __pfx__printk+0x10/0x10 [ 69.418116][ T5322] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 69.418132][ T5322] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 69.418149][ T5322] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 69.418166][ T5322] warn_alloc+0x214/0x310 [ 69.418186][ T5322] ? __pfx_warn_alloc+0x10/0x10 [ 69.418207][ T5322] ? __get_vm_area_node+0x2b5/0x300 [ 69.418227][ T5322] __vmalloc_node_range_noprof+0x331/0x12d0 [ 69.418243][ T5322] ? trace_contention_end+0x39/0x120 [ 69.418267][ T5322] ? system_heap_vmap+0xaa/0x550 [ 69.418288][ T5322] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 69.418307][ T5322] ? __mutex_trylock_common+0x153/0x260 [ 69.418321][ T5322] ? system_heap_vmap+0x1ff/0x550 [ 69.418335][ T5322] vmalloc_noprof+0xb2/0xf0 [ 69.418349][ T5322] ? system_heap_vmap+0x1ff/0x550 [ 69.418365][ T5322] system_heap_vmap+0x1ff/0x550 [ 69.418381][ T5322] ? trace_contention_end+0x39/0x120 [ 69.418397][ T5322] ? __pfx_system_heap_vmap+0x10/0x10 [ 69.418417][ T5322] ? __pfx_system_heap_vmap+0x10/0x10 [ 69.418433][ T5322] ? __pfx_system_heap_vmap+0x10/0x10 [ 69.418449][ T5322] dma_buf_vmap+0x246/0x3b0 [ 69.418464][ T5322] ? drm_gem_vmap+0x4c/0x1d0 [ 69.418481][ T5322] ? __pfx_dma_buf_vmap+0x10/0x10 [ 69.418502][ T5322] drm_gem_shmem_vmap_locked+0x14c/0x790 [ 69.418516][ T5322] ? dma_resv_get_singleton+0x81/0x280 [ 69.418531][ T5322] ? __pfx_drm_gem_shmem_vmap_locked+0x10/0x10 [ 69.418549][ T5322] drm_gem_vmap+0x10a/0x1d0 [ 69.418565][ T5322] drm_gem_fb_vmap+0xaa/0x8d0 [ 69.418587][ T5322] drm_atomic_helper_prepare_planes+0x2d6/0xb60 [ 69.418609][ T5322] drm_atomic_helper_commit+0x19a/0xb10 [ 69.418628][ T5322] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 69.418643][ T5322] drm_atomic_commit+0x262/0x2c0 [ 69.418658][ T5322] ? __pfx_drm_atomic_commit+0x10/0x10 [ 69.418669][ T5322] ? __pfx___drm_printfn_info+0x10/0x10 [ 69.418690][ T5322] ? drm_mode_object_get+0xcf/0x140 [ 69.418703][ T5322] ? drm_atomic_set_fb_for_plane+0x1f5/0x280 [ 69.418720][ T5322] drm_atomic_helper_update_plane+0x248/0x3b0 [ 69.418739][ T5322] drm_mode_cursor_common+0xb7e/0x12d0 [ 69.418774][ T5322] ? __pfx_drm_mode_cursor_common+0x10/0x10 [ 69.418788][ T5322] ? __kasan_save_free_info+0x46/0x50 [ 69.418824][ T5322] ? __lock_acquire+0xab9/0xd20 [ 69.418837][ T5322] ? drm_mode_cursor_ioctl+0xa6/0x110 [ 69.418855][ T5322] drm_mode_cursor_ioctl+0xbf/0x110 [ 69.418873][ T5322] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 69.418891][ T5322] ? do_raw_spin_unlock+0x4d/0x240 [ 69.418908][ T5322] ? _raw_spin_unlock+0x28/0x50 [ 69.418919][ T5322] ? drm_is_current_master+0x19f/0x200 [ 69.418933][ T5322] drm_ioctl_kernel+0x2cf/0x390 [ 69.418949][ T5322] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 69.418965][ T5322] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 69.418987][ T5322] drm_ioctl+0x67f/0xb10 [ 69.419010][ T5322] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 69.419029][ T5322] ? __pfx_drm_ioctl+0x10/0x10 [ 69.419072][ T5322] ? __fget_files+0x3a0/0x420 [ 69.419084][ T5322] ? __fget_files+0x2a/0x420 [ 69.419097][ T5322] ? bpf_lsm_file_ioctl+0x9/0x20 [ 69.419109][ T5322] ? __pfx_drm_ioctl+0x10/0x10 [ 69.419124][ T5322] __se_sys_ioctl+0xfc/0x170 [ 69.419140][ T5322] do_syscall_64+0xfa/0xfa0 [ 69.419152][ T5322] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.419164][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.419174][ T5322] ? clear_bhb_loop+0x60/0xb0 [ 69.419187][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.419198][ T5322] RIP: 0033:0x7f4d49d8f7c9 [ 69.419208][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.419217][ T5322] RSP: 002b:00007f4d4accf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 69.419230][ T5322] RAX: ffffffffffffffda RBX: 00007f4d49fe5fa0 RCX: 00007f4d49d8f7c9 [ 69.419238][ T5322] RDX: 0000200000000280 RSI: 00000000c01c64a3 RDI: 0000000000000003 [ 69.419245][ T5322] RBP: 00007f4d4accf090 R08: 0000000000000000 R09: 0000000000000000 [ 69.419251][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 69.419257][ T5322] R13: 00007f4d49fe6038 R14: 00007f4d49fe5fa0 R15: 00007fff088caee8 [ 69.419277][ T5322] [ 69.419601][ T5322] Mem-Info: [ 69.625388][ T5322] active_anon:3357 inactive_anon:8 isolated_anon:0 [ 69.625388][ T5322] active_file:931 inactive_file:38786 isolated_file:0 [ 69.625388][ T5322] unevictable:1762 dirty:0 writeback:0 [ 69.625388][ T5322] slab_reclaimable:7329 slab_unreclaimable:30434 [ 69.625388][ T5322] mapped:10066 shmem:2225 pagetables:702 [ 69.625388][ T5322] sec_pagetables:290 bounce:0 [ 69.625388][ T5322] kernel_misc_reclaimable:0 [ 69.625388][ T5322] free:36955 free_pcp:1104 free_cma:0 [ 69.647785][ T5322] Node 0 active_anon:72kB inactive_anon:32kB active_file:0kB inactive_file:16kB unevictable:1512kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:3600kB pagetables:712kB sec_pagetables:1092kB all_unreclaimable? yes Balloon:0kB [ 69.661175][ T5322] Node 1 active_anon:13356kB inactive_anon:0kB active_file:3724kB inactive_file:155128kB unevictable:5536kB isolated(anon):0kB isolated(file):0kB mapped:40256kB dirty:0kB writeback:0kB shmem:7364kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6192kB pagetables:2096kB sec_pagetables:68kB all_unreclaimable? no Balloon:0kB [ 69.675248][ T5322] Node 0 DMA free:1276kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:504kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:172kB local_pcp:172kB free_cma:0kB [ 69.688545][ T5322] lowmem_reserve[]: 0 125 125 125 125 [ 69.691083][ T5322] Node 0 DMA32 free:5916kB boost:0kB min:4980kB low:6224kB high:7468kB reserved_highatomic:0KB free_highatomic:0KB active_anon:36kB inactive_anon:32kB active_file:0kB inactive_file:16kB unevictable:1008kB writepending:0kB zspages:0kB present:770052kB managed:128248kB mlocked:0kB bounce:0kB free_pcp:496kB local_pcp:496kB free_cma:0kB [ 69.703420][ T5322] lowmem_reserve[]: 0 0 0 0 0 [ 69.705131][ T5322] Node 1 DMA32 free:140628kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:13356kB inactive_anon:0kB active_file:3724kB inactive_file:155128kB unevictable:5536kB writepending:0kB zspages:1108kB present:786288kB managed:690812kB mlocked:0kB bounce:0kB free_pcp:3640kB local_pcp:3640kB free_cma:0kB [ 69.718933][ T5322] lowmem_reserve[]: 0 0 0 0 0 [ 69.721502][ T5322] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 3*32kB (UM) 8*64kB (UM) 1*128kB (M) 0*256kB 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 1276kB [ 69.727866][ T5322] Node 0 DMA32: 1*4kB (U) 9*8kB (ME) 17*16kB (UM) 10*32kB (M) 12*64kB (UME) 11*128kB (UME) 4*256kB (M) 4*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 5916kB [ 69.734615][ T5322] Node 1 DMA32: 1*4kB (M) 2*8kB (UM) 2*16kB (ME) 2*32kB (UM) 3*64kB (UME) 2*128kB (UM) 1*256kB (M) 1*512kB (M) 2*1024kB (UM) 3*2048kB (UME) 32*4096kB (M) = 140596kB [ 69.742042][ T5322] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 69.746123][ T5322] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 69.750184][ T5322] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 69.754091][ T5322] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 69.758456][ T5322] 41988 total pagecache pages [ 69.760644][ T5322] 45 pages in swap cache [ 69.762945][ T5322] Free swap = 123952kB [ 69.764997][ T5322] Total swap = 124996kB [ 69.766763][ T5322] 393083 pages RAM [ 69.769083][ T5322] 0 pages HighMem/MovableOnly [ 69.771389][ T5322] 184478 pages reserved [ 69.773180][ T5322] 0 pages cma reserved [ 69.775271][ T5322] ------------[ cut here ]------------ [ 69.777836][ T5322] WARNING: CPU: 0 PID: 5322 at drivers/dma-buf/dma-buf.c:1536 dma_buf_vmap+0x306/0x3b0 [ 69.781735][ T5322] Modules linked in: [ 69.783529][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 69.787462][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.791973][ T5322] RIP: 0010:dma_buf_vmap+0x306/0x3b0 [ 69.794260][ T5322] Code: 64 05 cc e8 0c 99 d7 fb 90 0f 0b 90 b8 ea ff ff ff eb bc e8 fc 98 d7 fb 90 0f 0b 90 e9 0d fe ff ff e8 ee 98 d7 fb 44 89 f0 90 <0f> 0b 90 49 bd 00 00 00 00 00 fc ff df eb 91 e8 c6 9c 61 05 48 c7 [ 69.802328][ T5322] RSP: 0018:ffffc9000d3a73a0 EFLAGS: 00010293 [ 69.804737][ T5322] RAX: 00000000fffffff4 RBX: ffff8880110aec28 RCX: ffff888000558000 [ 69.808035][ T5322] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 69.811072][ T5322] RBP: ffffc9000d3a7450 R08: ffffc9000d3a7227 R09: 1ffff92001a74e44 [ 69.814183][ T5322] R10: dffffc0000000000 R11: fffff52001a74e45 R12: ffffffff85ea4500 [ 69.817555][ T5322] R13: ffff8880110aec30 R14: 00000000fffffff4 R15: 1ffff11002215d85 [ 69.820530][ T5322] FS: 00007f4d4accf6c0(0000) GS:ffff88808d722000(0000) knlGS:0000000000000000 [ 69.824516][ T5322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.827790][ T5322] CR2: 00007f4d4ab1d9b8 CR3: 0000000012560000 CR4: 0000000000352ef0 [ 69.830935][ T5322] Call Trace: [ 69.832406][ T5322] [ 69.833903][ T5322] ? drm_gem_vmap+0x4c/0x1d0 [ 69.835856][ T5322] ? __pfx_dma_buf_vmap+0x10/0x10 [ 69.838177][ T5322] drm_gem_shmem_vmap_locked+0x14c/0x790 [ 69.841036][ T5322] ? dma_resv_get_singleton+0x81/0x280 [ 69.843601][ T5322] ? __pfx_drm_gem_shmem_vmap_locked+0x10/0x10 [ 69.846350][ T5322] drm_gem_vmap+0x10a/0x1d0 [ 69.848321][ T5322] drm_gem_fb_vmap+0xaa/0x8d0 [ 69.850267][ T5322] drm_atomic_helper_prepare_planes+0x2d6/0xb60 [ 69.852850][ T5322] drm_atomic_helper_commit+0x19a/0xb10 [ 69.855120][ T5322] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 69.857509][ T5322] drm_atomic_commit+0x262/0x2c0 [ 69.859447][ T5322] ? __pfx_drm_atomic_commit+0x10/0x10 [ 69.861660][ T5322] ? __pfx___drm_printfn_info+0x10/0x10 [ 69.863862][ T5322] ? drm_mode_object_get+0xcf/0x140 [ 69.866039][ T5322] ? drm_atomic_set_fb_for_plane+0x1f5/0x280 [ 69.868642][ T5322] drm_atomic_helper_update_plane+0x248/0x3b0 [ 69.871204][ T5322] drm_mode_cursor_common+0xb7e/0x12d0 [ 69.873746][ T5322] ? __pfx_drm_mode_cursor_common+0x10/0x10 [ 69.876230][ T5322] ? __kasan_save_free_info+0x46/0x50 [ 69.878716][ T5322] ? __lock_acquire+0xab9/0xd20 [ 69.880765][ T5322] ? drm_mode_cursor_ioctl+0xa6/0x110 [ 69.883081][ T5322] drm_mode_cursor_ioctl+0xbf/0x110 [ 69.885305][ T5322] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 69.888037][ T5322] ? do_raw_spin_unlock+0x4d/0x240 [ 69.890233][ T5322] ? _raw_spin_unlock+0x28/0x50 [ 69.892269][ T5322] ? drm_is_current_master+0x19f/0x200 [ 69.894700][ T5322] drm_ioctl_kernel+0x2cf/0x390 [ 69.896716][ T5322] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 69.899368][ T5322] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 69.901728][ T5322] drm_ioctl+0x67f/0xb10 [ 69.903427][ T5322] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 69.905949][ T5322] ? __pfx_drm_ioctl+0x10/0x10 [ 69.908110][ T5322] ? __fget_files+0x3a0/0x420 [ 69.910047][ T5322] ? __fget_files+0x2a/0x420 [ 69.912005][ T5322] ? bpf_lsm_file_ioctl+0x9/0x20 [ 69.914088][ T5322] ? __pfx_drm_ioctl+0x10/0x10 [ 69.916093][ T5322] __se_sys_ioctl+0xfc/0x170 [ 69.918130][ T5322] do_syscall_64+0xfa/0xfa0 [ 69.920259][ T5322] ? lockdep_hardirqs_on+0x9c/0x150 [ 69.922458][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.925609][ T5322] ? clear_bhb_loop+0x60/0xb0 [ 69.928199][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.931239][ T5322] RIP: 0033:0x7f4d49d8f7c9 [ 69.933212][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.941362][ T5322] RSP: 002b:00007f4d4accf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 69.945220][ T5322] RAX: ffffffffffffffda RBX: 00007f4d49fe5fa0 RCX: 00007f4d49d8f7c9 [ 69.948913][ T5322] RDX: 0000200000000280 RSI: 00000000c01c64a3 RDI: 0000000000000003 [ 69.952681][ T5322] RBP: 00007f4d4accf090 R08: 0000000000000000 R09: 0000000000000000 [ 69.955928][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 69.959487][ T5322] R13: 00007f4d49fe6038 R14: 00007f4d49fe5fa0 R15: 00007fff088caee8 [ 69.962836][ T5322] [ 69.964035][ T5322] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 69.967083][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 69.970754][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.975129][ T5322] Call Trace: [ 69.976474][ T5322] [ 69.977663][ T5322] dump_stack_lvl+0x99/0x250 [ 69.979852][ T5322] ? __asan_memcpy+0x40/0x70 [ 69.982336][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.985191][ T5322] ? __pfx__printk+0x10/0x10 [ 69.987493][ T5322] vpanic+0x237/0x6d0 [ 69.989013][ T5322] ? __pfx_vpanic+0x10/0x10 [ 69.990913][ T5322] panic+0xb9/0xc0 [ 69.992438][ T5322] ? __pfx_panic+0x10/0x10 [ 69.994276][ T5322] __warn+0x31b/0x4b0 [ 69.995909][ T5322] ? dma_buf_vmap+0x306/0x3b0 [ 69.997881][ T5322] ? dma_buf_vmap+0x306/0x3b0 [ 69.999866][ T5322] report_bug+0x2be/0x4f0 [ 70.001679][ T5322] ? dma_buf_vmap+0x306/0x3b0 [ 70.003666][ T5322] ? dma_buf_vmap+0x306/0x3b0 [ 70.005613][ T5322] ? dma_buf_vmap+0x308/0x3b0 [ 70.007548][ T5322] handle_bug+0x84/0x160 [ 70.009417][ T5322] exc_invalid_op+0x1a/0x50 [ 70.011417][ T5322] asm_exc_invalid_op+0x1a/0x20 [ 70.013479][ T5322] RIP: 0010:dma_buf_vmap+0x306/0x3b0 [ 70.015702][ T5322] Code: 64 05 cc e8 0c 99 d7 fb 90 0f 0b 90 b8 ea ff ff ff eb bc e8 fc 98 d7 fb 90 0f 0b 90 e9 0d fe ff ff e8 ee 98 d7 fb 44 89 f0 90 <0f> 0b 90 49 bd 00 00 00 00 00 fc ff df eb 91 e8 c6 9c 61 05 48 c7 [ 70.023717][ T5322] RSP: 0018:ffffc9000d3a73a0 EFLAGS: 00010293 [ 70.026282][ T5322] RAX: 00000000fffffff4 RBX: ffff8880110aec28 RCX: ffff888000558000 [ 70.029632][ T5322] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 70.032869][ T5322] RBP: ffffc9000d3a7450 R08: ffffc9000d3a7227 R09: 1ffff92001a74e44 [ 70.036074][ T5322] R10: dffffc0000000000 R11: fffff52001a74e45 R12: ffffffff85ea4500 [ 70.039332][ T5322] R13: ffff8880110aec30 R14: 00000000fffffff4 R15: 1ffff11002215d85 [ 70.042653][ T5322] ? __pfx_system_heap_vmap+0x10/0x10 [ 70.044977][ T5322] ? drm_gem_vmap+0x4c/0x1d0 [ 70.046932][ T5322] ? __pfx_dma_buf_vmap+0x10/0x10 [ 70.048934][ T5322] drm_gem_shmem_vmap_locked+0x14c/0x790 [ 70.051356][ T5322] ? dma_resv_get_singleton+0x81/0x280 [ 70.053627][ T5322] ? __pfx_drm_gem_shmem_vmap_locked+0x10/0x10 [ 70.056254][ T5322] drm_gem_vmap+0x10a/0x1d0 [ 70.058208][ T5322] drm_gem_fb_vmap+0xaa/0x8d0 [ 70.060218][ T5322] drm_atomic_helper_prepare_planes+0x2d6/0xb60 [ 70.062737][ T5322] drm_atomic_helper_commit+0x19a/0xb10 [ 70.064985][ T5322] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 70.067440][ T5322] drm_atomic_commit+0x262/0x2c0 [ 70.069241][ T5322] ? __pfx_drm_atomic_commit+0x10/0x10 [ 70.071378][ T5322] ? __pfx___drm_printfn_info+0x10/0x10 [ 70.073693][ T5322] ? drm_mode_object_get+0xcf/0x140 [ 70.075692][ T5322] ? drm_atomic_set_fb_for_plane+0x1f5/0x280 [ 70.078173][ T5322] drm_atomic_helper_update_plane+0x248/0x3b0 [ 70.080804][ T5322] drm_mode_cursor_common+0xb7e/0x12d0 [ 70.083125][ T5322] ? __pfx_drm_mode_cursor_common+0x10/0x10 [ 70.085660][ T5322] ? __kasan_save_free_info+0x46/0x50 [ 70.087945][ T5322] ? __lock_acquire+0xab9/0xd20 [ 70.090080][ T5322] ? drm_mode_cursor_ioctl+0xa6/0x110 [ 70.092325][ T5322] drm_mode_cursor_ioctl+0xbf/0x110 [ 70.094467][ T5322] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 70.096838][ T5322] ? do_raw_spin_unlock+0x4d/0x240 [ 70.098991][ T5322] ? _raw_spin_unlock+0x28/0x50 [ 70.100996][ T5322] ? drm_is_current_master+0x19f/0x200 [ 70.103267][ T5322] drm_ioctl_kernel+0x2cf/0x390 [ 70.105329][ T5322] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 70.107761][ T5322] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 70.110008][ T5322] drm_ioctl+0x67f/0xb10 [ 70.111934][ T5322] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 70.114408][ T5322] ? __pfx_drm_ioctl+0x10/0x10 [ 70.116386][ T5322] ? __fget_files+0x3a0/0x420 [ 70.118384][ T5322] ? __fget_files+0x2a/0x420 [ 70.120368][ T5322] ? bpf_lsm_file_ioctl+0x9/0x20 [ 70.122449][ T5322] ? __pfx_drm_ioctl+0x10/0x10 [ 70.124477][ T5322] __se_sys_ioctl+0xfc/0x170 [ 70.126502][ T5322] do_syscall_64+0xfa/0xfa0 [ 70.128506][ T5322] ? lockdep_hardirqs_on+0x9c/0x150 [ 70.130739][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.133107][ T5322] ? clear_bhb_loop+0x60/0xb0 [ 70.134959][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.137324][ T5322] RIP: 0033:0x7f4d49d8f7c9 [ 70.139031][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.146910][ T5322] RSP: 002b:00007f4d4accf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.150238][ T5322] RAX: ffffffffffffffda RBX: 00007f4d49fe5fa0 RCX: 00007f4d49d8f7c9 [ 70.153415][ T5322] RDX: 0000200000000280 RSI: 00000000c01c64a3 RDI: 0000000000000003 [ 70.156443][ T5322] RBP: 00007f4d4accf090 R08: 0000000000000000 R09: 0000000000000000 [ 70.159450][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 70.162557][ T5322] R13: 00007f4d49fe6038 R14: 00007f4d49fe5fa0 R15: 00007fff088caee8 [ 70.165685][ T5322] [ 70.167217][ T5322] Kernel Offset: disabled [ 70.168952][ T5322] Rebooting in 86400 seconds..