Extracting prog: 1m23.110636691s
Minimizing prog: 36m1.561362074s
Simplifying prog options: 0s
Extracting C: 29.246230664s
Simplifying C: 6m57.539246559s

1 programs, 3 VMs, timeouts [15s 6m0s]
extracting reproducer from 1 programs
single: executing 1 programs separately with timeout 15s
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
detailed listing:
executing program 0:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x169101, 0x25)
write$FUSE_DIRENT(r0, &(0x7f0000002480)=ANY=[@ANYRESDEC, @ANYBLOB, @ANYRESDEC, @ANYRES32, @ANYBLOB, @ANYRES16], 0x48)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
detailed listing:
executing program 0:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x169101, 0x25)
write$FUSE_DIRENT(r0, &(0x7f0000002480)=ANY=[@ANYRESDEC, @ANYBLOB, @ANYRESDEC, @ANYRES32, @ANYBLOB, @ANYRES16], 0x48)

program crashed: KASAN: stack-out-of-bounds Read in profile_pc
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs
detailed listing:
executing program 0:
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x169101, 0x25)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): write$FUSE_DIRENT
detailed listing:
executing program 0:
write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000002480)=ANY=[@ANYRESDEC, @ANYBLOB, @ANYRESDEC, @ANYRES32, @ANYBLOB, @ANYRES16], 0x48)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
detailed listing:
executing program 0:
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x169101, 0x25)
write$FUSE_DIRENT(r0,
&(0x7f0000002480)=ANY=[@ANYRESDEC, @ANYBLOB, @ANYRESDEC, @ANYRES32, @ANYBLOB, @ANYRES16], 0x48)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
detailed listing:
executing program 0:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x169101, 0x25)
write$FUSE_DIRENT(r0, 0x0, 0x48)

failed to boot instance (try 1): failed to create VM: can't ssh into the instance
failed to run ["ssh" "-p" "26595" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "IdentitiesOnly=yes" "-o" "BatchMode=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "root@localhost" "pwd"]: exit status 255
Connection timed out during banner exchange
Connection to 127.0.0.1 port 26595 timed out
ftruncate: Invalid argument
qemu-system-x86_64: warning: hub 0 is not connected to host network
[ 0.000000][ T0] Linux version 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 (syzkaller@syzkaller) (gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #0 SMP PREEMPT_DYNAMIC now
[ 9.984868][ T1] pnp: PnP ACPI init [ 10.021783][ T1] system 00:06: [mem 0xb0000000-0xbfffffff window] has been reserved [ 10.084482][ T1] pnp: PnP ACPI: found 7 devices [ 10.199794][ T1] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns [ 10.211486][ T1] NET: Registered PF_INET protocol family [ 10.239808][ T1] IP idents hash table entries: 65536 (order: 7, 524288 bytes, vmalloc) [ 10.274436][ T1] tcp_listen_portaddr_hash hash table entries: 2048 (order: 5, 147456 bytes, vmalloc) [ 10.282449][ T1] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, vmalloc) [ 10.296817][ T1] TCP established hash table entries: 32768 (order: 6, 262144 bytes, vmalloc) [ 10.331462][ T1] TCP bind hash table entries: 32768 (order: 10, 4718592 bytes, vmalloc hugepage) [ 10.364585][ T1] TCP: Hash tables configured (established 32768 bind 32768) [ 10.384175][ T1] MPTCP token hash table entries: 4096 (order: 6, 360448 bytes, vmalloc) [ 10.404463][ T1] UDP hash table entries: 2048 (order: 6, 327680 bytes, vmalloc) [ 10.423742][ T1] UDP-Lite hash table entries: 2048 (order: 6, 327680 bytes, vmalloc) [ 10.433489][ T1] NET: Registered PF_UNIX/PF_LOCAL protocol family [ 10.447835][ T1] RPC: Registered named UNIX socket transport module. [ 10.454249][ T1] RPC: Registered udp transport module. [ 10.460433][ T1] RPC: Registered tcp transport module. [ 10.464208][ T1] RPC: Registered tcp-with-tls transport module. [ 10.469449][ T1] RPC: Registered tcp NFSv4.1 backchannel transport module. 
[ 10.481728][ T1] NET: Registered PF_XDP protocol family [ 10.486960][ T1] pci 0000:00:04.0: bridge window [io 0x1000-0x0fff] to [bus 01] add_size 1000 [ 10.496367][ T1] pci 0000:00:04.0: bridge window [io 0x1000-0x1fff]: assigned [ 10.503505][ T1] pci 0000:00:04.0: PCI bridge to [bus 01] [ 10.508751][ T1] pci 0000:00:04.0: bridge window [io 0x1000-0x1fff] [ 10.516877][ T1] pci 0000:00:04.0: bridge window [mem 0xfe800000-0xfe9fffff] [ 10.524729][ T1] pci 0000:00:04.0: bridge window [mem 0xfe000000-0xfe1fffff 64bit pref] [ 10.535474][ T1] pci_bus 0000:00: resource 4 [io 0x0000-0x0cf7 window] [ 10.547704][ T1] pci_bus 0000:00: resource 5 [io 0x0d00-0xffff window] [ 10.554353][ T1] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window] [ 10.561584][ T1] pci_bus 0000:00: resource 7 [mem 0x80000000-0xafffffff window] [ 10.568821][ T1] pci_bus 0000:00: resource 8 [mem 0xc0000000-0xfebfffff window] [ 10.575992][ T1] pci_bus 0000:00: resource 9 [mem 0x580000000-0xd7fffffff window] [ 10.590729][ T1] pci_bus 0000:01: resource 0 [io 0x1000-0x1fff] [ 10.613346][ T1] pci_bus 0000:01: resource 1 [mem 0xfe800000-0xfe9fffff] [ 10.619888][ T1] pci_bus 0000:01: resource 2 [mem 0xfe000000-0xfe1fffff 64bit pref] [ 10.712130][ T1] ACPI: \_SB_.GSIA: Enabled at IRQ 16 [ 10.829994][ T1] pci 0000:00:1d.0: quirk_usb_early_handoff+0x0/0x1440 took 183920 usecs [ 10.919700][ T1] ACPI: \_SB_.GSIB: Enabled at IRQ 17 [ 11.035228][ T1] pci 0000:00:1d.1: quirk_usb_early_handoff+0x0/0x1440 took 183220 usecs [ 11.137245][ T1] ACPI: \_SB_.GSIC: Enabled at IRQ 18 [ 11.191857][ T1] pci 0000:00:1d.2: quirk_usb_early_handoff+0x0/0x1440 took 144454 usecs [ 11.246639][ T1] ACPI: \_SB_.GSID: Enabled at IRQ 19 [ 11.324416][ T1] pci 0000:00:1d.7: quirk_usb_early_handoff+0x0/0x1440 took 121091 usecs [ 11.334699][ T1] PCI: CLS 0 bytes, default 64 [ 11.341000][ T1] DMAR: No RMRR found [ 11.345800][ T1] DMAR: No SATC found [ 11.349716][ T1] DMAR: dmar0: Using Queued invalidation [ 11.359605][ T1] pci 
0000:00:00.0: Adding to iommu group 0 [ 11.367020][ T1] pci 0000:00:01.0: Adding to iommu group 1 [ 11.374422][ T1] pci 0000:00:02.0: Adding to iommu group 2 [ 11.376581][ T73] kworker/u32:3 (73) used greatest stack depth: 27984 bytes left [ 11.382040][ T1] pci 0000:00:03.0: Adding to iommu group 3 [ 11.393084][ T1] pci 0000:00:04.0: Adding to iommu group 4 [ 11.399653][ T1] pci 0000:00:05.0: Adding to iommu group 5 [ 11.407030][ T1] pci 0000:00:06.0: Adding to iommu group 6 [ 11.413440][ T1] pci 0000:00:1d.0: Adding to iommu group 7 [ 11.419360][ T1] pci 0000:00:1d.1: Adding to iommu group 7 [ 11.425476][ T1] pci 0000:00:1d.2: Adding to iommu group 7 [ 11.431539][ T1] pci 0000:00:1d.7: Adding to iommu group 7 [ 11.437854][ T1] pci 0000:00:1f.0: Adding to iommu group 8 [ 11.444268][ T1] pci 0000:00:1f.2: Adding to iommu group 8 [ 11.450819][ T1] pci 0000:00:1f.3: Adding to iommu group 8 [ 11.580726][ T1] DMAR: Intel(R) Virtualization Technology for Directed I/O [ 11.587173][ T1] PCI-DMA: Using software bounce buffering for IO (SWIOTLB) [ 11.595649][ T1] software IO TLB: mapped [mem 0x0000000067000000-0x000000006b000000] (64MB) [ 11.603420][ T1] ACPI: bus type thunderbolt registered [ 11.619740][ T1] RAPL PMU: API unit is 2^-32 Joules, 0 fixed counters, 10737418240 ms ovfl timer [ 12.924655][ T1] kvm_amd: CPU 2 isn't AMD or Hygon [ 12.929490][ T1] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x257a5699b94, max_idle_ns: 440795293402 ns [ 13.027935][ T1] clocksource: Switched to clocksource tsc [ 13.033829][ T77] kworker/u32:3 (77) used greatest stack depth: 26976 bytes left [ 13.482469][ T1] Initialise system trusted keyrings [ 13.492258][ T1] workingset: timestamp_bits=40 max_order=20 bucket_order=0 [ 13.535962][ T1] DLM installed [ 13.545829][ T1] squashfs: version 4.0 (2009/01/31) Phillip Lougher [ 13.563187][ T1] NFS: Registering the id_resolver key type [ 13.569668][ T1] Key type id_resolver registered [ 13.576444][ T1] Key type id_legacy registered [ 
13.580889][ T1] nfs4filelayout_init: NFSv4 File Layout Driver Registering... [ 13.588179][ T1] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering... [ 13.654321][ T1] Key type cifs.spnego registered [ 13.659636][ T1] Key type cifs.idmap registered [ 13.665129][ T1] ntfs3: Enabled Linux POSIX ACLs support [ 13.669184][ T1] ntfs3: Read-only LZX/Xpress compression included [ 13.673943][ T1] efs: 1.0a - http://aeschi.ch.eu.org/efs/ [ 13.694479][ T1] jffs2: version 2.2. (NAND) (SUMMARY) © 2001-2006 Red Hat, Inc. [ 13.703827][ T1] romfs: ROMFS MTD (C) 2007 Red Hat, Inc. [ 13.708060][ T1] QNX4 filesystem 0.2.3 registered. [ 13.728856][ T1] qnx6: QNX6 filesystem 1.0.0 registered. [ 13.734021][ T1] fuse: init (API version 7.40) [ 13.757163][ T1] orangefs_debugfs_init: called with debug mask: :none: :0: [ 13.773966][ T1] orangefs_init: module version upstream loaded [ 13.781509][ T1] JFS: nTxBlock = 8192, nTxLock = 65536 [ 13.936806][ T1] SGI XFS with ACLs, security attributes, realtime, quota, no debug enabled [ 13.954290][ T1] 9p: Installing v9fs 9p2000 file system support [ 13.959687][ T1] NILFS version 2 loaded [ 13.963616][ T1] befs: version: 0.9.3 [ 13.967686][ T1] ocfs2: Registered cluster interface o2cb [ 13.991811][ T1] ocfs2: Registered cluster interface user [ 13.999757][ T1] OCFS2 User DLM kernel interface loaded [ 14.050761][ T1] gfs2: GFS2 installed [ 14.078245][ T1] ceph: loaded (mds proto 32) [ 14.130606][ T1] NET: Registered PF_ALG protocol family [ 14.137462][ T1] xor: automatically using best checksumming function avx [ 14.146691][ T1] async_tx: api initialized (async) [ 14.153954][ T1] Key type asymmetric registered [ 14.159861][ T1] Asymmetric key parser 'x509' registered [ 14.167162][ T1] Asymmetric key parser 'pkcs8' registered [ 14.173975][ T1] Key type pkcs7_test registered [ 14.184116][ T1] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239) [ 14.191941][ T1] io scheduler mq-deadline registered [ 14.201781][ T1] io 
scheduler kyber registered [ 14.217231][ T1] io scheduler bfq registered [ 14.249472][ T155] kworker/u32:1 (155) used greatest stack depth: 26752 bytes left [ 14.312172][ T1] ACPI: \_SB_.GSIE: Enabled at IRQ 20 [ 14.327576][ T1] pcieport 0000:00:04.0: PME: Signaling with IRQ 25 [ 14.362172][ T1] pcieport 0000:00:04.0: AER: enabled with IRQ 26 [ 14.406590][ T1] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0 [ 14.428178][ T1] ACPI: button: Power Button [PWRF] [ 15.390057][ T1] ioatdma: Intel(R) QuickData Technology Driver 5.00 [ 15.456798][ T1] ACPI: \_SB_.GSIF: Enabled at IRQ 21 [ 15.587338][ T1] ACPI: \_SB_.GSIH: Enabled at IRQ 23 [ 16.715982][ T1] N_HDLC line discipline registered with maxframe=4096 [ 16.727511][ T1] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled [ 16.745453][ T1] 00:04: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A [ 16.816064][ T1] Non-volatile memory driver v1.3 [ 16.839141][ T1] Linux agpgart interface v0.103 [ 16.850970][ T1] ACPI: bus type drm_connector registered [ 16.872065][ T1] [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0 [ 16.906250][ T1] [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1 [ 17.038865][ T1] Console: switching to colour frame buffer device 128x48 [ 17.068774][ T1] platform vkms: [drm] fb0: vkmsdrmfb frame buffer device [ 17.075224][ T1] usbcore: registered new interface driver udl [ 17.087666][ T1] [drm] pci: virtio-vga detected at 0000:00:01.0 [ 17.100651][ T1] virtio-pci 0000:00:01.0: vgaarb: deactivate vga console [ 17.116178][ T1] [drm] features: -virgl +edid -resource_blob -host_visible [ 17.116197][ T1] [drm] features: -context_init [ 17.135875][ T1] [drm] number of scanouts: 1 [ 17.139155][ T1] [drm] number of cap sets: 0 [ 17.153917][ T1] [drm] Initialized virtio_gpu 0.1.0 0 for 0000:00:01.0 on minor 2 [ 17.243317][ T1] fbcon: virtio_gpudrmfb (fb1) is primary device [ 17.243344][ T1] fbcon: Remapping primary device, fb1, to tty 1-63 [ 17.517544][ 
C1] vkms_vblank_simulate: vblank timer overrun [ 294.372493][ T40] INFO: task swapper/0:1 blocked for more than 143 seconds. [ 294.372523][ T40] Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0 [ 294.372534][ T40] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 294.372540][ T40] task:swapper/0 state:D stack:22192 pid:1 tgid:1 ppid:0 flags:0x00004000 [ 294.372568][ T40] Call Trace: [ 294.372575][ T40] [ 294.372583][ T40] __schedule+0xf15/0x5d00 [ 294.372612][ T40] ? __pfx___lock_acquire+0x10/0x10 [ 294.372636][ T40] ? __pfx___lock_acquire+0x10/0x10 [ 294.372660][ T40] ? __pfx___schedule+0x10/0x10 [ 294.372680][ T40] ? schedule+0x298/0x350 [ 294.372700][ T40] ? __pfx_lock_release+0x10/0x10 [ 294.372722][ T40] ? __ww_mutex_lock.constprop.0+0xf50/0x2650 [ 294.372747][ T40] ? __mutex_trylock_common+0x78/0x250 [ 294.372773][ T40] schedule+0xe7/0x350 [ 294.372793][ T40] schedule_preempt_disabled+0x13/0x30 [ 294.372816][ T40] __ww_mutex_lock.constprop.0+0xf55/0x2650 [ 294.372841][ T40] ? ret_from_fork+0x45/0x80 [ 294.372863][ T40] ? ret_from_fork_asm+0x1a/0x30 [ 294.372887][ T40] ? modeset_lock+0x488/0x6c0 [ 294.372911][ T40] ? __pfx___ww_mutex_lock.constprop.0+0x10/0x10 [ 294.372970][ T40] ? __pfx___might_resched+0x10/0x10 [ 294.372987][ T40] ? ww_mutex_lock+0x37/0x140 [ 294.373000][ T40] ww_mutex_lock+0x37/0x140 [ 294.373021][ T40] modeset_lock+0x488/0x6c0 [ 294.373046][ T40] drm_modeset_lock+0x59/0x90 [ 294.373062][ T40] drm_atomic_get_plane_state+0x19d/0x590 [ 294.373082][ T40] drm_client_modeset_commit_atomic+0x246/0x810 [ 294.373101][ T40] ? trace_contention_end+0xea/0x140 [ 294.373117][ T40] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 294.373138][ T40] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 294.373165][ T40] drm_client_modeset_commit_locked+0x14d/0x580 [ 294.373183][ T40] drm_fb_helper_pan_display+0x2a5/0x990 [ 294.373205][ T40] ? 
irqentry_exit+0x3b/0x90 [ 294.373221][ T40] fb_pan_display+0x477/0x7d0 [ 294.373238][ T40] ? __pfx_drm_fb_helper_pan_display+0x10/0x10 [ 294.373260][ T40] bit_update_start+0x49/0x1f0 [ 294.373283][ T40] fbcon_switch+0xbbf/0x12f0 [ 294.373304][ T40] ? __pfx_fbcon_switch+0x10/0x10 [ 294.373327][ T40] ? __pfx_bit_cursor+0x10/0x10 [ 294.373347][ T40] ? fbcon_cursor+0x3bf/0x520 [ 294.373366][ T40] ? is_console_locked+0x9/0x20 [ 294.373385][ T40] ? con_is_visible+0x65/0x150 [ 294.373401][ T40] redraw_screen+0x2bf/0x760 [ 294.373422][ T40] ? fbcon_prepare_logo+0x8e5/0xc70 [ 294.373443][ T40] ? __pfx_redraw_screen+0x10/0x10 [ 294.373463][ T40] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 294.373485][ T40] set_con2fb_map+0x796/0x1060 [ 294.373508][ T40] fbcon_fb_registered+0x21d/0x6a0 [ 294.373530][ T40] ? fb_var_to_videomode+0x4c9/0x690 [ 294.373546][ T40] register_framebuffer+0x485/0x840 [ 294.373562][ T40] ? __pfx_register_framebuffer+0x10/0x10 [ 294.373579][ T40] ? drm_fbdev_generic_helper_fb_probe+0x49e/0x680 [ 294.373600][ T40] __drm_fb_helper_initial_config_and_unlock+0xd82/0x1650 [ 294.373626][ T40] ? __pfx___mutex_lock+0x10/0x10 [ 294.373648][ T40] ? __pfx___drm_fb_helper_initial_config_and_unlock+0x10/0x10 [ 294.373673][ T40] drm_fb_helper_initial_config+0x44/0x60 [ 294.373696][ T40] drm_fbdev_generic_client_hotplug+0x1a6/0x280 [ 294.373716][ T40] ? __pfx_drm_fbdev_generic_client_hotplug+0x10/0x10 [ 294.373737][ T40] drm_client_register+0x195/0x280 [ 294.373760][ T40] drm_fbdev_generic_setup+0x184/0x340 [ 294.373782][ T40] virtio_gpu_probe+0x29d/0x4e0 [ 294.373806][ T40] virtio_dev_probe+0x5ff/0x9b0 [ 294.373827][ T40] ? __pfx_virtio_dev_probe+0x10/0x10 [ 294.373846][ T40] really_probe+0x23e/0xa90 [ 294.373863][ T40] __driver_probe_device+0x1de/0x440 [ 294.373880][ T40] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 294.373900][ T40] driver_probe_device+0x4c/0x1b0 [ 294.373917][ T40] __driver_attach+0x283/0x580 [ 294.373933][ T40] ? 
__pfx___driver_attach+0x10/0x10 [ 294.373949][ T40] bus_for_each_dev+0x13c/0x1d0 [ 294.373972][ T40] ? __pfx_bus_for_each_dev+0x10/0x10 [ 294.373994][ T40] bus_add_driver+0x2e9/0x690 [ 294.374009][ T40] driver_register+0x15c/0x4b0 [ 294.374037][ T40] ? __register_virtio_driver+0x56/0x100 [ 294.374057][ T40] ? __pfx_virtio_gpu_driver_init+0x10/0x10 [ 294.374081][ T40] do_one_initcall+0x128/0x700 [ 294.374103][ T40] ? __pfx_do_one_initcall+0x10/0x10 [ 294.374125][ T40] ? trace_kmalloc+0x2d/0xe0 [ 294.374143][ T40] ? __kmalloc_noprof+0x20b/0x410 [ 294.374166][ T40] kernel_init_freeable+0x69d/0xca0 [ 294.374186][ T40] ? __pfx_kernel_init+0x10/0x10 [ 294.374206][ T40] kernel_init+0x1c/0x2b0 [ 294.374224][ T40] ? __pfx_kernel_init+0x10/0x10 [ 294.374240][ T40] ret_from_fork+0x45/0x80 [ 294.374259][ T40] ? __pfx_kernel_init+0x10/0x10 [ 294.374276][ T40] ret_from_fork_asm+0x1a/0x30 [ 294.374299][ T40] [ 294.374310][ T40] INFO: task kworker/0:0:8 blocked for more than 143 seconds. [ 294.374321][ T40] Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0 [ 294.374331][ T40] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 294.374338][ T40] task:kworker/0:0 state:D stack:27920 pid:8 tgid:8 ppid:2 flags:0x00004000 [ 294.374369][ T40] Workqueue: events virtio_gpu_dequeue_ctrl_func [ 294.374391][ T40] Call Trace: [ 294.374398][ T40] [ 294.374405][ T40] __schedule+0xf15/0x5d00 [ 294.374426][ T40] ? __pfx___lock_acquire+0x10/0x10 [ 294.374449][ T40] ? __pfx___lock_acquire+0x10/0x10 [ 294.374474][ T40] ? __pfx___schedule+0x10/0x10 [ 294.374495][ T40] ? schedule+0x298/0x350 [ 294.374515][ T40] ? __pfx_lock_release+0x10/0x10 [ 294.374537][ T40] ? __mutex_lock+0x5b3/0x9c0 [ 294.374560][ T40] ? __mutex_trylock_common+0x78/0x250 [ 294.374586][ T40] schedule+0xe7/0x350 [ 294.374607][ T40] schedule_preempt_disabled+0x13/0x30 [ 294.374630][ T40] __mutex_lock+0x5b8/0x9c0 [ 294.374655][ T40] ? call_usermodehelper_setup+0x252/0x340 [ 294.374674][ T40] ? 
kobject_uevent_env+0x2db/0x1810 [ 294.374694][ T40] ? drm_client_dev_hotplug+0x169/0x3c0 [ 294.374711][ T40] ? __pfx___mutex_lock+0x10/0x10 [ 294.374736][ T40] ? __pfx_lock_release+0x10/0x10 [ 294.374762][ T40] ? drm_client_dev_hotplug+0x169/0x3c0 [ 294.374778][ T40] drm_client_dev_hotplug+0x169/0x3c0 [ 294.374796][ T40] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 294.374820][ T40] virtio_gpu_cmd_get_display_info_cb+0x3e1/0x550 [ 294.374843][ T40] ? __pfx_virtio_gpu_cmd_get_display_info_cb+0x10/0x10 [ 294.374866][ T40] virtio_gpu_dequeue_ctrl_func+0x209/0x7d0 [ 294.374889][ T40] ? __pfx_virtio_gpu_dequeue_ctrl_func+0x10/0x10 [ 294.374912][ T40] process_one_work+0x9fb/0x1b60 [ 294.374932][ T40] ? __pfx_lock_acquire+0x10/0x10 [ 294.374957][ T40] ? __pfx_process_one_work+0x10/0x10 [ 294.374976][ T40] ? assign_work+0x1a0/0x250 [ 294.375001][ T40] worker_thread+0x6c8/0xf70 [ 294.375028][ T40] ? __pfx_worker_thread+0x10/0x10 [ 294.375045][ T40] kthread+0x2c1/0x3a0 [ 294.375066][ T40] ? _raw_spin_unlock_irq+0x23/0x50 [ 294.375088][ T40] ? __pfx_kthread+0x10/0x10 [ 294.375109][ T40] ret_from_fork+0x45/0x80 [ 294.375133][ T40] ? __pfx_kthread+0x10/0x10 [ 294.375154][ T40] ret_from_fork_asm+0x1a/0x30 [ 294.375181][ T40] [ 294.375215][ T40] INFO: task kworker/0:2:827 blocked for more than 143 seconds. [ 294.375227][ T40] Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0 [ 294.375237][ T40] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 294.375244][ T40] task:kworker/0:2 state:D stack:26496 pid:827 tgid:827 ppid:2 flags:0x00004000 [ 294.375276][ T40] Workqueue: events drm_fb_helper_damage_work [ 294.375300][ T40] Call Trace: [ 294.375306][ T40] [ 294.375314][ T40] __schedule+0xf15/0x5d00 [ 294.375337][ T40] ? __pfx_mark_lock+0x10/0x10 [ 294.375363][ T40] ? __pfx___schedule+0x10/0x10 [ 294.375386][ T40] ? schedule+0x298/0x350 [ 294.375408][ T40] ? __pfx_lock_release+0x10/0x10 [ 294.375433][ T40] ? 
_raw_spin_unlock_irq+0x23/0x50 [ 294.375455][ T40] ? lockdep_hardirqs_on+0x7c/0x110 [ 294.375482][ T40] schedule+0xe7/0x350 [ 294.375504][ T40] virtio_gpu_queue_fenced_ctrl_buffer+0x497/0xff0 [ 294.375529][ T40] ? __pfx_virtio_gpu_queue_fenced_ctrl_buffer+0x10/0x10 [ 294.375555][ T40] ? trace_kmem_cache_alloc+0x2d/0xe0 [ 294.375577][ T40] ? kmem_cache_alloc_noprof+0x174/0x2f0 [ 294.375604][ T40] ? __pfx_autoremove_wake_function+0x10/0x10 [ 294.375630][ T40] ? __asan_memset+0x23/0x50 [ 294.375652][ T40] ? virtio_gpu_cmd_resource_flush+0x85/0x220 [ 294.375675][ T40] virtio_gpu_primary_plane_update+0x105d/0x1590 [ 294.375703][ T40] ? __pfx_virtio_gpu_primary_plane_update+0x10/0x10 [ 294.375730][ T40] ? drm_crtc_next_vblank_start+0x25d/0x300 [ 294.375755][ T40] drm_atomic_helper_commit_planes+0x93a/0x1000 [ 294.375780][ T40] drm_atomic_helper_commit_tail+0x69/0xf0 [ 294.375802][ T40] commit_tail+0x356/0x410 [ 294.375824][ T40] drm_atomic_helper_commit+0x2fd/0x380 [ 294.375848][ T40] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 294.375871][ T40] drm_atomic_commit+0x227/0x300 [ 294.375891][ T40] ? __pfx_drm_atomic_commit+0x10/0x10 [ 294.375910][ T40] ? __pfx___drm_printfn_info+0x10/0x10 [ 294.375932][ T40] ? modeset_lock+0x10e/0x6c0 [ 294.375956][ T40] drm_atomic_helper_dirtyfb+0x615/0x7b0 [ 294.375977][ T40] ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10 [ 294.375999][ T40] ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10 [ 294.376025][ T40] drm_fbdev_generic_helper_fb_dirty+0x7ad/0xbd0 [ 294.376051][ T40] ? __pfx_drm_fbdev_generic_helper_fb_dirty+0x10/0x10 [ 294.376075][ T40] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 294.376097][ T40] drm_fb_helper_damage_work+0x285/0x5e0 [ 294.376121][ T40] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 294.376146][ T40] process_one_work+0x9fb/0x1b60 [ 294.376166][ T40] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 294.376190][ T40] ? __pfx_process_one_work+0x10/0x10 [ 294.376209][ T40] ? 
assign_work+0x1a0/0x250 [ 294.376234][ T40] worker_thread+0x6c8/0xf70 [ 294.376254][ T40] ? __kthread_parkme+0x148/0x220 [ 294.376274][ T40] ? __pfx_worker_thread+0x10/0x10 [ 294.376291][ T40] kthread+0x2c1/0x3a0 [ 294.376311][ T40] ? _raw_spin_unlock_irq+0x23/0x50 [ 294.376334][ T40] ? __pfx_kthread+0x10/0x10 [ 294.376355][ T40] ret_from_fork+0x45/0x80 [ 294.376379][ T40] ? __pfx_kthread+0x10/0x10 [ 294.376400][ T40] ret_from_fork_asm+0x1a/0x30 [ 294.376428][ T40] [ 294.376437][ T40] [ 294.376437][ T40] Showing all locks held in the system: [ 294.376444][ T40] 9 locks held by swapper/0/1: [ 294.376455][ T40] #0: ffff88801d86f170 (&dev->mutex){....}-{3:3}, at: __driver_attach+0x278/0x580 [ 294.376507][ T40] #1: ffff88801fcc42f8 (&dev->clientlist_mutex){+.+.}-{3:3}, at: drm_client_register+0x54/0x280 [ 294.376560][ T40] #2: ffffffff8e6e4ba8 (registration_lock){+.+.}-{3:3}, at: register_framebuffer+0x7a/0x840 [ 294.376605][ T40] #3: ffffffff8db9f2e0 (console_lock){+.+.}-{0:0}, at: fbcon_fb_registered+0x3c/0x6a0 [ 294.376658][ T40] #4: ffff88801b3b7280 (&helper->lock){+.+.}-{3:3}, at: drm_fb_helper_pan_display+0xd5/0x990 [ 294.376712][ T40] #5: ffff88801fcc41b0 (&dev->master_mutex){+.+.}-{3:3}, at: drm_master_internal_acquire+0x21/0x80 [ 294.376760][ T40] #6: ffff88801b3b7098 (&client->modeset_mutex){+.+.}-{3:3}, at: drm_client_modeset_commit_locked+0x4c/0x580 [ 294.376807][ T40] #7: ffffc90000047318 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_client_modeset_commit_atomic+0xd0/0x810 [ 294.376854][ T40] #8: ffff88801fb0d0b0 (crtc_ww_class_mutex){+.+.}-{3:3}, at: modeset_lock+0x488/0x6c0 [ 294.376911][ T40] 3 locks held by kworker/0:0/8: [ 294.376977][ T40] #0: ffff888015488948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12bf/0x1b60 [ 294.377028][ T40] #1: ffffc900000b7d80 ((work_completion)(&vgvq->dequeue_work)){+.+.}-{0:0}, at: process_one_work+0x957/0x1b60 [ 294.377073][ T40] #2: ffff88801fcc42f8 (&dev->clientlist_mutex){+.+.}-{3:3}, at: 
drm_client_dev_hotplug+0x169/0x3c0 [ 294.377123][ T40] 1 lock held by khungtaskd/40: [ 294.377134][ T40] #0: ffffffff8dbb18e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 294.377189][ T40] 2 locks held by kworker/u32:3/54: [ 294.377199][ T40] #0: ffff888015491148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12bf/0x1b60 [ 294.377245][ T40] #1: ffffc90000a67d80 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x957/0x1b60 [ 294.377296][ T40] 5 locks held by kworker/0:2/827: [ 294.377307][ T40] #0: ffff888015488948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12bf/0x1b60 [ 294.377351][ T40] #1: ffffc9000506fd80 ((work_completion)(&helper->damage_work)){+.+.}-{0:0}, at: process_one_work+0x957/0x1b60 [ 294.377396][ T40] #2: ffffc9000506fa10 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_atomic_helper_dirtyfb+0xb5/0x7b0 [ 294.377441][ T40] #3: ffff88801fb0d0b0 (crtc_ww_class_mutex){+.+.}-{3:3}, at: modeset_lock+0x488/0x6c0 [ 294.377492][ T40] #4: ffffffff8e8210b0 (drm_unplug_srcu){.+.+}-{0:0}, at: drm_dev_enter+0x49/0x160 [ 294.377538][ T40] [ 294.377543][ T40] ============================================= [ 294.377543][ T40] [ 294.377551][ T40] Kernel panic - not syncing: hung_task: blocked tasks [ 294.377560][ T40] CPU: 3 PID: 40 Comm: khungtaskd Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0 [ 294.377578][ T40] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 294.377588][ T40] Call Trace: [ 294.377595][ T40] [ 294.377601][ T40] dump_stack_lvl+0x3d/0x1f0 [ 294.377626][ T40] panic+0x6f5/0x7a0 [ 294.377651][ T40] ? __pfx_panic+0x10/0x10 [ 294.377676][ T40] ? watchdog+0xd3d/0x1240 [ 294.377693][ T40] ? watchdog+0xd30/0x1240 [ 294.377710][ T40] watchdog+0xd4e/0x1240 [ 294.377728][ T40] ? __pfx_watchdog+0x10/0x10 [ 294.377743][ T40] ? lockdep_hardirqs_on+0x7c/0x110 [ 294.377769][ T40] ? __kthread_parkme+0x148/0x220 [ 294.377788][ T40] ? 
__pfx_watchdog+0x10/0x10
[ 294.377805][ T40] kthread+0x2c1/0x3a0
[ 294.377823][ T40] ? _raw_spin_unlock_irq+0x23/0x50
[ 294.377844][ T40] ? __pfx_kthread+0x10/0x10
[ 294.377864][ T40] ret_from_fork+0x45/0x80
[ 294.377886][ T40] ? __pfx_kthread+0x10/0x10
[ 294.377905][ T40] ret_from_fork_asm+0x1a/0x30
[ 294.377930][ T40]
[ 294.378588][ T40] Kernel Offset: disabled

program did not crash
extracting C reproducer
testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program crashed: KASAN: stack-out-of-bounds Read in profile_pc
simplifying C reproducer
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program crashed: KASAN: stack-out-of-bounds Read in profile_pc
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program crashed: KASAN: stack-out-of-bounds Read in profile_pc
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program crashed: KASAN: stack-out-of-bounds Read in profile_pc
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program crashed: KASAN: stack-out-of-bounds Read in profile_pc
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program did not crash
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program did not crash
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program did not crash
reproducing took 44m51.457490707s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: stack-out-of-bounds in profile_pc+0x186/0x1a0 arch/x86/kernel/time.c:44
Read of size 8 at addr ffffc9000329f9a0 by task syz-executor137/5202

CPU: 2 PID: 5202 Comm: syz-executor137 Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:488
 kasan_report+0xd9/0x110 mm/kasan/report.c:601
 profile_pc+0x186/0x1a0 arch/x86/kernel/time.c:44
 profile_tick+0xd3/0x140 kernel/profile.c:339
 tick_sched_handle kernel/time/tick-sched.c:277 [inline]
 tick_nohz_handler+0x380/0x530 kernel/time/tick-sched.c:297
 __run_hrtimer kernel/time/hrtimer.c:1687 [inline]
 __hrtimer_run_queues+0x657/0xcc0 kernel/time/hrtimer.c:1751
 hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1813
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
 __sysvec_apic_timer_interrupt+0x10f/0x450 arch/x86/kernel/apic/apic.c:1049
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:queued_read_lock_slowpath+0x131/0x2b1 kernel/locking/qrwlock.c:51
Code: 85 45 01 00 00 8b 03 84 c0 74 36 48 b8 00 00 00 00 00 fc ff df 49 89 de 48 89 dd 49 c1 ee 03 83 e5 07 49 01 c6 83 c5 03 f3 90 <41> 0f b6 06 40 38 c5 7c 08 84 c0 0f 85 1f 01 00 00 8b 03 84 c0 75
RSP: 0018:ffffc9000329f998 EFLAGS: 00000286
RAX: 00000000000002ff RBX: ffff88802683a0b0 RCX: ffffffff8aeb79db
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88802683a0b0
RBP: 0000000000000003 R08: 0000000000000001 R09: ffffed1004d07416
R10: ffff88802683a0b3 R11: 0000000000000003 R12: 1ffff92000653f34
R13: ffff88802683a0b4 R14: ffffed1004d07416 R15: ffff88802683a000
 start_this_handle+0x249/0x15e0 fs/jbd2/transaction.c:383
 jbd2__journal_start+0x394/0x6a0 fs/jbd2/transaction.c:520
 __ext4_journal_start_sb+0x358/0x660 fs/ext4/ext4_jbd2.c:112
 __ext4_journal_start fs/ext4/ext4_jbd2.h:326 [inline]
 __ext4_unlink+0x418/0xcb0 fs/ext4/namei.c:3262
 ext4_unlink+0x422/0x610 fs/ext4/namei.c:3321
 vfs_unlink+0x2fb/0x9b0 fs/namei.c:4343
 do_unlinkat+0x5c0/0x750 fs/namei.c:4407
 __do_sys_unlink fs/namei.c:4455 [inline]
 __se_sys_unlink fs/namei.c:4453 [inline]
 __x64_sys_unlink+0xc7/0x110 fs/namei.c:4453
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb3ebca6fc7
Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd5a228b08 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb3ebca6fc7
RDX: 00007ffd5a228b30 RSI: 00007ffd5a228bc0 RDI: 00007ffd5a228bc0
RBP: 00007ffd5a228bc0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffd5a229c30
R13: 0000555573ab17d0 R14: 00007ffd5a229c30 R15: 0000000000000eda

The buggy address belongs to stack of task syz-executor137/5202
 and is located at offset 0 in frame:
 queued_read_lock_slowpath+0x0/0x2b1 arch/x86/include/asm/paravirt.h:584

This frame has 1 object:
 [32, 36) 'val'

The buggy address belongs to the virtual mapping at
 [ffffc90003298000, ffffc900032a1000) created by:
 kernel_clone+0xfd/0x980 kernel/fork.c:2797

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1fbfb
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 4912, tgid 4912 (dhcpcd), ts 71817495197, free_ts 68910505176
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1468
 prep_new_page mm/page_alloc.c:1476 [inline]
 get_page_from_freelist+0x136a/0x2df0 mm/page_alloc.c:3402
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4660
 alloc_pages_mpol_noprof+0x275/0x610 mm/mempolicy.c:2265
 vm_area_alloc_pages mm/vmalloc.c:3566 [inline]
 __vmalloc_area_node mm/vmalloc.c:3642 [inline]
 __vmalloc_node_range_noprof+0xa6a/0x1520 mm/vmalloc.c:3823
 alloc_thread_stack_node kernel/fork.c:309 [inline]
 dup_task_struct kernel/fork.c:1115 [inline]
 copy_process+0x2f38/0x8f10 kernel/fork.c:2220
 kernel_clone+0xfd/0x980 kernel/fork.c:2797
 __do_sys_clone3+0x1f5/0x270 kernel/fork.c:3098
 do_syscall_x64
arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5089 tgid 5089 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1088 [inline] free_unref_page+0x64a/0xe40 mm/page_alloc.c:2565 __put_partials+0x14c/0x170 mm/slub.c:2994 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3940 [inline] slab_alloc_node mm/slub.c:4000 [inline] kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4007 mt_alloc_one lib/maple_tree.c:162 [inline] mas_alloc_nodes+0x176/0x860 lib/maple_tree.c:1242 mas_node_count_gfp+0x105/0x130 lib/maple_tree.c:1322 mas_preallocate+0x3bb/0x1020 lib/maple_tree.c:5556 vma_iter_prealloc mm/internal.h:1361 [inline] vma_expand+0x6f3/0x1310 mm/mmap.c:661 mmap_region+0x153d/0x2760 mm/mmap.c:2859 do_mmap+0xbc7/0xf60 mm/mmap.c:1397 vm_mmap_pgoff+0x1ba/0x360 mm/util.c:573 ksys_mmap_pgoff+0x332/0x5d0 mm/mmap.c:1443 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:86 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:79 [inline] __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:79 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 Memory state around the buggy address: ffffc9000329f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffc9000329f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffc9000329f980: 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00 ^ ffffc9000329fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffc9000329fa80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00 00 f3 ================================================================== ---------------- Code disassembly (best guess): 0: 85 45 01 test 
%eax,0x1(%rbp) 3: 00 00 add %al,(%rax) 5: 8b 03 mov (%rbx),%eax 7: 84 c0 test %al,%al 9: 74 36 je 0x41 b: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 12: fc ff df 15: 49 89 de mov %rbx,%r14 18: 48 89 dd mov %rbx,%rbp 1b: 49 c1 ee 03 shr $0x3,%r14 1f: 83 e5 07 and $0x7,%ebp 22: 49 01 c6 add %rax,%r14 25: 83 c5 03 add $0x3,%ebp 28: f3 90 pause * 2a: 41 0f b6 06 movzbl (%r14),%eax <-- trapping instruction 2e: 40 38 c5 cmp %al,%bpl 31: 7c 08 jl 0x3b 33: 84 c0 test %al,%al 35: 0f 85 1f 01 00 00 jne 0x15a 3b: 8b 03 mov (%rbx),%eax 3d: 84 c0 test %al,%al 3f: 75 .byte 0x75 final repro crashed as (corrupted=false): ================================================================== BUG: KASAN: stack-out-of-bounds in profile_pc+0x186/0x1a0 arch/x86/kernel/time.c:44 Read of size 8 at addr ffffc9000329f9a0 by task syz-executor137/5202 CPU: 2 PID: 5202 Comm: syz-executor137 Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc3/0x620 mm/kasan/report.c:488 kasan_report+0xd9/0x110 mm/kasan/report.c:601 profile_pc+0x186/0x1a0 arch/x86/kernel/time.c:44 profile_tick+0xd3/0x140 kernel/profile.c:339 tick_sched_handle kernel/time/tick-sched.c:277 [inline] tick_nohz_handler+0x380/0x530 kernel/time/tick-sched.c:297 __run_hrtimer kernel/time/hrtimer.c:1687 [inline] __hrtimer_run_queues+0x657/0xcc0 kernel/time/hrtimer.c:1751 hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1813 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline] __sysvec_apic_timer_interrupt+0x10f/0x450 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 
arch/x86/include/asm/idtentry.h:702 RIP: 0010:queued_read_lock_slowpath+0x131/0x2b1 kernel/locking/qrwlock.c:51 Code: 85 45 01 00 00 8b 03 84 c0 74 36 48 b8 00 00 00 00 00 fc ff df 49 89 de 48 89 dd 49 c1 ee 03 83 e5 07 49 01 c6 83 c5 03 f3 90 <41> 0f b6 06 40 38 c5 7c 08 84 c0 0f 85 1f 01 00 00 8b 03 84 c0 75 RSP: 0018:ffffc9000329f998 EFLAGS: 00000286 RAX: 00000000000002ff RBX: ffff88802683a0b0 RCX: ffffffff8aeb79db RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88802683a0b0 RBP: 0000000000000003 R08: 0000000000000001 R09: ffffed1004d07416 R10: ffff88802683a0b3 R11: 0000000000000003 R12: 1ffff92000653f34 R13: ffff88802683a0b4 R14: ffffed1004d07416 R15: ffff88802683a000 start_this_handle+0x249/0x15e0 fs/jbd2/transaction.c:383 jbd2__journal_start+0x394/0x6a0 fs/jbd2/transaction.c:520 __ext4_journal_start_sb+0x358/0x660 fs/ext4/ext4_jbd2.c:112 __ext4_journal_start fs/ext4/ext4_jbd2.h:326 [inline] __ext4_unlink+0x418/0xcb0 fs/ext4/namei.c:3262 ext4_unlink+0x422/0x610 fs/ext4/namei.c:3321 vfs_unlink+0x2fb/0x9b0 fs/namei.c:4343 do_unlinkat+0x5c0/0x750 fs/namei.c:4407 __do_sys_unlink fs/namei.c:4455 [inline] __se_sys_unlink fs/namei.c:4453 [inline] __x64_sys_unlink+0xc7/0x110 fs/namei.c:4453 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb3ebca6fc7 Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd5a228b08 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb3ebca6fc7 RDX: 00007ffd5a228b30 RSI: 00007ffd5a228bc0 RDI: 00007ffd5a228bc0 RBP: 00007ffd5a228bc0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffd5a229c30 R13: 0000555573ab17d0 R14: 00007ffd5a229c30 R15: 0000000000000eda The buggy address 
belongs to stack of task syz-executor137/5202 and is located at offset 0 in frame: queued_read_lock_slowpath+0x0/0x2b1 arch/x86/include/asm/paravirt.h:584 This frame has 1 object: [32, 36) 'val' The buggy address belongs to the virtual mapping at [ffffc90003298000, ffffc900032a1000) created by: kernel_clone+0xfd/0x980 kernel/fork.c:2797 The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1fbfb flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 4912, tgid 4912 (dhcpcd), ts 71817495197, free_ts 68910505176 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1468 prep_new_page mm/page_alloc.c:1476 [inline] get_page_from_freelist+0x136a/0x2df0 mm/page_alloc.c:3402 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4660 alloc_pages_mpol_noprof+0x275/0x610 mm/mempolicy.c:2265 vm_area_alloc_pages mm/vmalloc.c:3566 [inline] __vmalloc_area_node mm/vmalloc.c:3642 [inline] __vmalloc_node_range_noprof+0xa6a/0x1520 mm/vmalloc.c:3823 alloc_thread_stack_node kernel/fork.c:309 [inline] dup_task_struct kernel/fork.c:1115 [inline] copy_process+0x2f38/0x8f10 kernel/fork.c:2220 kernel_clone+0xfd/0x980 kernel/fork.c:2797 __do_sys_clone3+0x1f5/0x270 kernel/fork.c:3098 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5089 tgid 5089 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1088 [inline] free_unref_page+0x64a/0xe40 mm/page_alloc.c:2565 
__put_partials+0x14c/0x170 mm/slub.c:2994 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3940 [inline] slab_alloc_node mm/slub.c:4000 [inline] kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4007 mt_alloc_one lib/maple_tree.c:162 [inline] mas_alloc_nodes+0x176/0x860 lib/maple_tree.c:1242 mas_node_count_gfp+0x105/0x130 lib/maple_tree.c:1322 mas_preallocate+0x3bb/0x1020 lib/maple_tree.c:5556 vma_iter_prealloc mm/internal.h:1361 [inline] vma_expand+0x6f3/0x1310 mm/mmap.c:661 mmap_region+0x153d/0x2760 mm/mmap.c:2859 do_mmap+0xbc7/0xf60 mm/mmap.c:1397 vm_mmap_pgoff+0x1ba/0x360 mm/util.c:573 ksys_mmap_pgoff+0x332/0x5d0 mm/mmap.c:1443 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:86 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:79 [inline] __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:79 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 Memory state around the buggy address: ffffc9000329f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffc9000329f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffc9000329f980: 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00 ^ ffffc9000329fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffc9000329fa80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00 00 f3 ================================================================== ---------------- Code disassembly (best guess): 0: 85 45 01 test %eax,0x1(%rbp) 3: 00 00 add %al,(%rax) 5: 8b 03 mov (%rbx),%eax 7: 84 c0 test %al,%al 9: 74 36 je 0x41 b: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 12: fc ff df 15: 49 89 de mov %rbx,%r14 18: 48 89 dd mov %rbx,%rbp 1b: 49 c1 ee 03 shr $0x3,%r14 1f: 83 e5 07 and $0x7,%ebp 22: 49 01 c6 add %rax,%r14 25: 83 c5 03 add $0x3,%ebp 28: 
f3 90 pause * 2a: 41 0f b6 06 movzbl (%r14),%eax <-- trapping instruction 2e: 40 38 c5 cmp %al,%bpl 31: 7c 08 jl 0x3b 33: 84 c0 test %al,%al 35: 0f 85 1f 01 00 00 jne 0x15a 3b: 8b 03 mov (%rbx),%eax 3d: 84 c0 test %al,%al 3f: 75 .byte 0x75