Extracting prog: 1m55.228020172s Minimizing prog: 20m2.697292325s Simplifying prog options: 5m41.202127906s Extracting C: 2m31.183144202s Simplifying C: 0s 1 programs, 3 VMs, timeouts [15s 1m40s 6m0s] extracting reproducer from 1 programs single: executing 1 programs separately with timeout 15s testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt-sendmsg$NLBL_MGMT_C_REMOVEDEF detailed listing: executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_REMOVEDEF(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x34, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x22}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @initdev={0xac, 0x1e, 0x1, 0x0}}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}]}, 0x34}}, 0x0) program did not crash single: failed to extract reproducer single: executing 1 programs separately with timeout 1m40s testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt-sendmsg$NLBL_MGMT_C_REMOVEDEF detailed listing: executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_REMOVEDEF(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x34, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x22}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @initdev={0xac, 0x1e, 0x1, 0x0}}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}]}, 0x34}}, 0x0) program crashed: lost connection to test machine single: successfully extracted reproducer found reproducer with 4 syscalls minimizing guilty program testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt detailed listing: executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-sendmsg$NLBL_MGMT_C_REMOVEDEF detailed listing: executing program 0: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_REMOVEDEF(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x34, 0x0, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x22}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @initdev={0xac, 0x1e, 0x1, 0x0}}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}]}, 0x34}}, 0x0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt-sendmsg$NLBL_MGMT_C_REMOVEDEF detailed listing: executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x34, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x22}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @initdev={0xac, 0x1e, 0x1, 0x0}}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}]}, 0x34}}, 0x0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt-sendmsg$NLBL_MGMT_C_REMOVEDEF detailed listing: executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_REMOVEDEF(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x34, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x22}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @initdev={0xac, 0x1e, 0x1, 0x0}}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}]}, 0x34}}, 0x0) failed to boot instance (try 1): failed to create VM: can't ssh into the instance failed to run ["ssh" "-p" "44444" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "IdentitiesOnly=yes" "-o" "BatchMode=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "root@localhost" "pwd"]: exit status 255 Connection timed out during banner exchange Connection to 127.0.0.1 port 44444 timed out ftruncate: Invalid argument qemu-system-x86_64: warning: hub 0 is not connected to host network [ 0.000000][ T0] Linux version 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e (syzkaller@syzkaller) (gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #0 SMP PREEMPT_DYNAMIC now [ 0.000000][ T0] Command line: root=/dev/sda console=ttyS0 root=/dev/sda1 [ 0.000000][ T0] KERNEL supported cpus: [ 0.000000][ T0] Intel GenuineIntel [ 0.000000][ T0] AMD AuthenticAMD [ 0.000000][ T0] BIOS-provided physical RAM map: [ 0.000000][ T0] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable [ 0.000000][ T0] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved [ 0.000000][ T0] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved [ 0.000000][ T0] BIOS-e820: [mem 0x0000000000100000-0x000000007ffdcfff] usable [ 0.000000][ T0] BIOS-e820: [mem 0x000000007ffdd000-0x000000007fffffff] reserved [ 0.000000][ T0] BIOS-e820: [mem 0x00000000b0000000-0x00000000bfffffff] reserved [ 0.000000][ T0] BIOS-e820: [mem 0x00000000fed1c000-0x00000000fed1ffff] reserved [ 0.000000][ T0] BIOS-e820: [mem 0x00000000feffc000-0x00000000feffffff] reserved [ 0.000000][ T0] BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved [ 0.000000][ T0] BIOS-e820: [mem 0x0000000100000000-0x000000017fffffff] usable [ 0.000000][ T0] printk: legacy bootconsole [earlyser0] enabled [ 0.000000][ T0] ERROR: earlyprintk= earlyser already used [ 0.000000][ T0] ERROR: earlyprintk= earlyser already used [ 0.000000][ T0] ********************************************************** [ 0.000000][ T0] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 0.000000][ T0] ** ** [ 0.000000][ T0] ** This system shows unhashed kernel memory addresses ** [ 0.000000][ T0] ** via the console, logs, and other interfaces. This ** [ 0.000000][ T0] ** might reduce the security of your system. ** [ 0.000000][ T0] ** ** [ 0.000000][ T0] ** If you see this message and you are not debugging ** [ 0.000000][ T0] ** the kernel, report this immediately to your system ** [ 0.000000][ T0] ** administrator! ** [ 0.000000][ T0] ** ** [ 0.000000][ T0] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 0.000000][ T0] ********************************************************** [ 0.000000][ T0] Malformed early option 'vsyscall' [ 0.000000][ T0] nopcid: PCID feature disabled [ 0.000000][ T0] NX (Execute Disable) protection: active [ 0.000000][ T0] APIC: Static calls initialized [ 0.000000][ T0] SMBIOS 3.0.0 present. [ 0.000000][ T0] DMI: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 0.000000][ T0] DMI: Memory slots populated: 1/1 [ 0.000000][ T0] Hypervisor detected: KVM [ 0.000000][ T0] kvm-clock: Using msrs 4b564d01 and 4b564d00 [ 0.000005][ T0] kvm-clock: using sched offset of 1909629928 cycles [ 0.004226][ T0] clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns [ 0.019311][ T0] tsc: Detected 2600.028 MHz processor [ 0.037599][ T0] last_pfn = 0x180000 max_arch_pfn = 0x400000000 [ 0.043533][ T0] MTRR map: 4 entries (3 fixed + 1 variable; max 19), built from 8 variable MTRRs [ 0.051707][ T0] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT [ 0.058868][ T0] last_pfn = 0x7ffdd max_arch_pfn = 0x400000000 [ 0.074379][ T0] found SMP MP-table at [mem 0x000f53c0-0x000f53cf] [ 0.080055][ T0] Using GB pages for direct mapping [ 0.088603][ T0] ACPI: Early table checksum verification disabled [ 0.093649][ T0] ACPI: RSDP 0x00000000000F5190 000014 (v00 BOCHS ) [ 0.098407][ T0] ACPI: RSDT 0x000000007FFE2925 000048 (v01 BOCHS BXPC 00000001 BXPC 00000001) [ 0.104879][ T0] ACPI: FACP 0x000000007FFE1B2C 0000F4 (v03 BOCHS BXPC 00000001 BXPC 00000001) [ 0.111379][ T0] ACPI: DSDT 0x000000007FFDF040 002AEC (v01 BOCHS BXPC 00000001 BXPC 00000001) [ 0.117833][ T0] ACPI: FACS 0x000000007FFDF000 000040 [ 0.122188][ T0] ACPI: APIC 0x000000007FFE1C20 0000B0 (v03 BOCHS BXPC 00000001 BXPC 00000001) [ 0.128919][ T0] ACPI: HPET 0x000000007FFE1CD0 000038 (v01 BOCHS BXPC 00000001 BXPC 00000001) [ 0.136095][ T0] ACPI: SRAT 0x000000007FFE1D08 000178 (v01 BOCHS BXPC 00000001 BXPC 00000001) [ 0.142980][ T0] ACPI: MCFG 0x000000007FFE1E80 00003C (v01 BOCHS BXPC 00000001 BXPC 00000001) [ 0.150534][ T0] ACPI: DMAR 0x000000007FFE1EBC 0000C0 (v01 BOCHS BXPC 00000001 BXPC 00000001) [ 0.157497][ T0] ACPI: SSDT 0x000000007FFE1F7C 0008A1 (v01 BOCHS NVDIMM 00000001 BXPC 00000001) [ 0.164203][ T0] ACPI: NFIT 0x000000007FFE281D 0000E0 (v01 BOCHS BXPC 00000001 BXPC 00000001) [ 0.170835][ T0] ACPI: WAET 0x000000007FFE28FD 000028 (v01 BOCHS BXPC 00000001 BXPC 00000001) [ 0.177512][ T0] ACPI: Reserving FACP table memory at [mem 0x7ffe1b2c-0x7ffe1c1f] [ 0.184150][ T0] ACPI: Reserving DSDT table memory at [mem 0x7ffdf040-0x7ffe1b2b] [ 0.190756][ T0] ACPI: Reserving FACS table memory at [mem 0x7ffdf000-0x7ffdf03f] [ 0.197293][ T0] ACPI: Reserving APIC table memory at [mem 0x7ffe1c20-0x7ffe1ccf] [ 0.203113][ T0] ACPI: Reserving HPET table memory at [mem 0x7ffe1cd0-0x7ffe1d07] [ 0.208640][ T0] ACPI: Reserving SRAT table memory at [mem 0x7ffe1d08-0x7ffe1e7f] [ 0.214264][ T0] ACPI: Reserving MCFG table memory at [mem 0x7ffe1e80-0x7ffe1ebb] [ 0.219739][ T0] ACPI: Reserving DMAR table memory at [mem 0x7ffe1ebc-0x7ffe1f7b] [ 0.225105][ T0] ACPI: Reserving SSDT table memory at [mem 0x7ffe1f7c-0x7ffe281c] [ 0.231181][ T0] ACPI: Reserving NFIT table memory at [mem 0x7ffe281d-0x7ffe28fc] [ 0.237210][ T0] ACPI: Reserving WAET table memory at [mem 0x7ffe28fd-0x7ffe2924] [ 0.244308][ T0] SRAT: PXM 0 -> APIC 0x00 -> Node 0 [ 0.248793][ T0] SRAT: PXM 0 -> APIC 0x01 -> Node 0 [ 0.253418][ T0] SRAT: PXM 0 -> APIC 0x02 -> Node 0 [ 0.257925][ T0] SRAT: PXM 0 -> APIC 0x03 -> Node 0 [ 0.261872][ T0] SRAT: PXM 0 -> APIC 0x04 -> Node 0 [ 0.265646][ T0] SRAT: PXM 0 -> APIC 0x05 -> Node 0 [ 0.269433][ T0] SRAT: PXM 0 -> APIC 0x06 -> Node 0 [ 0.273580][ T0] SRAT: PXM 0 -> APIC 0x07 -> Node 0 [ 0.277551][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x00000000-0x0009ffff] [ 0.283421][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x00100000-0x7fffffff] [ 0.288649][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x100000000-0x17fffffff] [ 0.293573][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x180000000-0x183ffffff] non-volatile [ 0.299192][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x180000000-0x57fffffff] hotplug [ 0.304551][ T0] NUMA: Node 0 [mem 0x00000000-0x0009ffff] + [mem 0x00100000-0x7fffffff] -> [mem 0x00000000-0x7fffffff] [ 0.312195][ T0] NUMA: Node 0 [mem 0x00000000-0x7fffffff] + [mem 0x100000000-0x17fffffff] -> [mem 0x00000000-0x17fffffff] [ 0.320638][ T0] Faking node 0 at [mem 0x0000000000000000-0x00000000ffffffff] (4096MB) [ 0.326326][ T0] Faking node 1 at [mem 0x0000000100000000-0x000000017fffffff] (2048MB) [ 0.332301][ T0] NODE_DATA(0) allocated [mem 0x7ffd7000-0x7ffdcfff] [ 0.336881][ T0] NODE_DATA(1) allocated [mem 0x17fff7000-0x17fffcfff] [ 0.357629][ T0] Zone ranges: [ 0.360028][ T0] DMA [mem 0x0000000000001000-0x0000000000ffffff] [ 0.365063][ T0] DMA32 [mem 0x0000000001000000-0x00000000ffffffff] [ 0.370082][ T0] Normal [mem 0x0000000100000000-0x000000017fffffff] [ 0.375537][ T0] Device empty [ 0.378140][ T0] Movable zone start for each node [ 0.381858][ T0] Early memory node ranges [ 0.385028][ T0] node 0: [mem 0x0000000000001000-0x000000000009efff] [ 0.390142][ T0] node 0: [mem 0x0000000000100000-0x000000007ffdcfff] [ 0.395954][ T0] node 1: [mem 0x0000000100000000-0x000000017fffffff] [ 0.402176][ T0] Initmem setup node 0 [mem 0x0000000000001000-0x000000007ffdcfff] [ 0.408182][ T0] Initmem setup node 1 [mem 0x0000000100000000-0x000000017fffffff] [ 0.414283][ T0] On node 0, zone DMA: 1 pages in unavailable ranges [ 0.419003][ T0] On node 0, zone DMA: 97 pages in unavailable ranges [ 0.467417][ T0] On node 1, zone Normal: 35 pages in unavailable ranges [ 0.622770][ T0] kasan: KernelAddressSanitizer initialized [ 0.632604][ T0] ACPI: PM-Timer IO Port: 0x608 [ 0.636181][ T0] ACPI: LAPIC_NMI (acpi_id[0xff] dfl dfl lint[0x1]) [ 0.641321][ T0] IOAPIC[0]: apic_id 0, version 32, address 0xfec00000, GSI 0-23 [ 0.646846][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl) [ 0.652093][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 high level) [ 0.658130][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level) [ 0.664442][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 high level) [ 0.670581][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 high level) [ 0.676568][ T0] ACPI: Using ACPI (MADT) for SMP configuration information [ 0.682156][ T0] ACPI: HPET id: 0x8086a201 base: 0xfed00000 [ 0.687202][ T0] TSC deadline timer available [ 0.691205][ T0] CPU topo: Max. logical packages: 2 [ 0.695742][ T0] CPU topo: Max. logical dies: 2 [ 0.700095][ T0] CPU topo: Max. dies per package: 1 [ 0.704521][ T0] CPU topo: Max. threads per core: 2 [ 0.709105][ T0] CPU topo: Num. cores per package: 2 [ 0.713938][ T0] CPU topo: Num. threads per package: 4 [ 0.718694][ T0] CPU topo: Allowing 4 present CPUs plus 4 hotplug CPUs [ 0.724436][ T0] kvm-guest: APIC: eoi() replaced with kvm_guest_apic_eoi_write() [ 0.730874][ T0] kvm-guest: KVM setup pv remote TLB flush [ 0.735618][ T0] kvm-guest: setup PV sched yield [ 0.739605][ T0] PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff] [ 0.746759][ T0] PM: hibernation: Registered nosave memory: [mem 0x0009f000-0x0009ffff] [ 0.752902][ T0] PM: hibernation: Registered nosave memory: [mem 0x000a0000-0x000effff] [ 0.758646][ T0] PM: hibernation: Registered nosave memory: [mem 0x000f0000-0x000fffff] [ 0.764416][ T0] PM: hibernation: Registered nosave memory: [mem 0x7ffdd000-0x7fffffff] [ 0.770293][ T0] PM: hibernation: Registered nosave memory: [mem 0x80000000-0xafffffff] [ 0.777401][ T0] PM: hibernation: Registered nosave memory: [mem 0xb0000000-0xbfffffff] [ 0.784756][ T0] PM: hibernation: Registered nosave memory: [mem 0xc0000000-0xfed1bfff] [ 0.792212][ T0] PM: hibernation: Registered nosave memory: [mem 0xfed1c000-0xfed1ffff] [ 0.799190][ T0] PM: hibernation: Registered nosave memory: [mem 0xfed20000-0xfeffbfff] [ 0.806014][ T0] PM: hibernation: Registered nosave memory: [mem 0xfeffc000-0xfeffffff] [ 0.813164][ T0] PM: hibernation: Registered nosave memory: [mem 0xff000000-0xfffbffff] [ 0.819011][ T0] PM: hibernation: Registered nosave memory: [mem 0xfffc0000-0xffffffff] [ 0.826014][ T0] [mem 0xc0000000-0xfed1bfff] available for PCI devices [ 0.831712][ T0] Booting paravirtualized kernel on KVM [ 0.835950][ T0] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns [ 1.061256][ T0] setup_percpu: NR_CPUS:8 nr_cpumask_bits:8 nr_cpu_ids:8 nr_node_ids:2 [ 1.069258][ T0] percpu: Embedded 74 pages/cpu s264648 r8192 d30264 u1048576 [ 1.074666][ T0] kvm-guest: PV spinlocks enabled [ 1.078077][ T0] PV qspinlock hash table entries: 256 (order: 0, 4096 bytes, linear) [ 1.083636][ T0] Kernel command line: earlyprintk=serial net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 ima_policy=tcb nf-conntrack-ftp.ports=20000 nf-conntrack-tftp.ports=20000 nf-conntrack-sip.ports=20000 nf-conntrack-irc.ports=20000 nf-conntrack-sane.ports=20000 binder.debug_mask=0 rcupdate.rcu_expedited=1 rcupdate.rcu_cpu_stall_cputime=1 no_hash_pointers page_owner=on sysctl.vm.nr_hugepages=4 sysctl.vm.nr_overcommit_hugepages=4 secretmem.enable=1 sysctl.max_rcu_stall_to_panic=1 msr.allow_writes=off coredump_filter=0xffff root=/dev/sda console=ttyS0 vsyscall=native numa=fake=2 kvm-intel.nested=1 spec_store_bypass_disable=prctl nopcid vivid.n_devs=16 vivid.multiplanar=1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2 netrom.nr_ndevs=16 rose.rose_ndevs=16 smp.csd_lock_timeout=100000 watchdog_thresh=55 workqueue.watchdog_thresh=140 sysctl.net.core.netdev_unregister_timeout_secs=140 dummy_hcd.num=8 panic_on_warn=1 root=/dev/sda console=ttyS0 root=/dev/sda1 [ 1.148221][ T0] Unknown kernel command line parameters "spec_store_bypass_disable=prctl", will be passed to user space. [ 1.156295][ T0] random: crng init done [ 1.159908][ T0] Fallback order for Node 0: 0 1 [ 1.159922][ T0] Fallback order for Node 1: 1 0 [ 1.159935][ T0] Built 2 zonelists, mobility grouping on. Total pages: 1048443 [ 1.171240][ T0] Policy zone: Normal [ 1.174286][ T0] mem auto-init: stack:all(zero), heap alloc:on, heap free:off [ 1.179024][ T0] stackdepot: allocating hash table via alloc_large_system_hash [ 1.184098][ T0] stackdepot hash table entries: 1048576 (order: 12, 16777216 bytes, linear) [ 1.193796][ T0] software IO TLB: area num 8. [ 1.558503][ T0] Memory: 3146484K/4193772K available (165888K kernel code, 39318K rwdata, 37248K rodata, 26016K init, 34368K bss, 1047032K reserved, 0K cma-reserved) [ 1.570301][ T0] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=8, Nodes=2 [ 1.628975][ T0] allocated 83886080 bytes of page_ext [ 1.632426][ T0] Node 0, zone DMA: page owner found early allocated 0 pages [ 1.647655][ T0] Node 0, zone DMA32: page owner found early allocated 10355 pages [ 1.661038][ T0] Node 1, zone Normal: page owner found early allocated 10243 pages [ 1.668693][ T0] Dynamic Preempt: full [ 1.674318][ T0] Running RCU self tests [ 1.677531][ T0] Running RCU synchronous self tests [ 1.681658][ T0] rcu: Preemptible hierarchical RCU implementation. [ 1.686770][ T0] rcu: RCU lockdep checking is enabled. [ 1.691114][ T0] rcu: RCU callback double-/use-after-free debug is enabled. [ 1.696777][ T0] rcu: RCU debug extended QS entry/exit. [ 1.701199][ T0] All grace periods are expedited (rcu_expedited). [ 1.705775][ T0] Trampoline variant of Tasks RCU enabled. [ 1.709527][ T0] Tracing variant of Tasks RCU enabled. [ 1.713852][ T0] rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies. [ 1.720721][ T0] Running RCU synchronous self tests [ 1.724745][ T0] RCU Tasks: Setting shift to 3 and lim to 1 rcu_task_cb_adjust=1. [ 1.730868][ T0] RCU Tasks Trace: Setting shift to 3 and lim to 1 rcu_task_cb_adjust=1. [ 1.874756][ T0] NR_IRQS: 4352, nr_irqs: 488, preallocated irqs: 16 [ 1.881273][ T0] rcu: srcu_init: Setting srcu_struct sizes based on contention. [ 1.887703][ T0] kfence: initialized - using 2097152 bytes for 255 objects at 0xffff88816da00000-0xffff88816dc00000 [ 1.927000][ T0] Console: colour VGA+ 80x25 [ 1.930826][ T0] printk: legacy console [ttyS0] enabled [ 1.930826][ T0] printk: legacy console [ttyS0] enabled [ 1.939579][ T0] printk: legacy bootconsole [earlyser0] disabled [ 1.939579][ T0] printk: legacy bootconsole [earlyser0] disabled [ 1.949720][ T0] Lock dependency validator: Copyright (c) 2006 Red Hat, Inc., Ingo Molnar [ 1.956425][ T0] ... MAX_LOCKDEP_SUBCLASSES: 8 [ 1.960288][ T0] ... MAX_LOCK_DEPTH: 48 [ 1.964172][ T0] ... MAX_LOCKDEP_KEYS: 8192 [ 1.968180][ T0] ... CLASSHASH_SIZE: 4096 [ 1.972206][ T0] ... MAX_LOCKDEP_ENTRIES: 131072 [ 1.976420][ T0] ... MAX_LOCKDEP_CHAINS: 262144 [ 1.980576][ T0] ... CHAINHASH_SIZE: 131072 [ 1.984781][ T0] memory used by lock dependency info: 20721 kB [ 1.989685][ T0] memory used for stack traces: 8320 kB [ 1.994052][ T0] per task-struct memory footprint: 1920 bytes [ 1.999170][ T0] mempolicy: Enabling automatic NUMA balancing. Configure with numa_balancing= or the kernel.numa_balancing sysctl [ 2.008532][ T0] ACPI: Core revision 20240322 [ 2.014355][ T0] clocksource: hpet: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604467 ns [ 2.023208][ T0] APIC: Switch to symmetric I/O mode setup [ 2.027731][ T0] DMAR: Host address width 39 [ 2.031404][ T0] DMAR: DRHD base: 0x000000fed90000 flags: 0x0 [ 2.036851][ T0] DMAR: dmar0: reg_base_addr fed90000 ver 1:0 cap d2008c22260206 ecap f00f5e [ 2.043862][ T0] DMAR: ATSR flags: 0x1 [ 2.047134][ T0] DMAR-IR: IOAPIC id 0 under DRHD base 0xfed90000 IOMMU 0 [ 2.052896][ T0] DMAR-IR: Queued invalidation will be enabled to support x2apic and Intr-remapping. [ 2.064894][ T0] DMAR-IR: Enabled IRQ remapping in x2apic mode [ 2.069746][ T0] x2apic enabled [ 2.073286][ T0] APIC: Switched APIC routing to: cluster x2apic [ 2.078388][ T0] kvm-guest: APIC: send_IPI_mask() replaced with kvm_send_ipi_mask() [ 2.084850][ T0] kvm-guest: APIC: send_IPI_mask_allbutself() replaced with kvm_send_ipi_mask_allbutself() [ 2.092322][ T0] kvm-guest: setup PV IPIs [ 2.109189][ T0] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1 [ 2.113851][ T0] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x257a5699b94, max_idle_ns: 440795293402 ns [ 2.121528][ T0] Calibrating delay loop (skipped) preset value.. 5200.05 BogoMIPS (lpj=26000280) [ 2.132560][ T0] x86/cpu: User Mode Instruction Prevention (UMIP) activated [ 2.142344][ T0] Last level iTLB entries: 4KB 0, 2MB 0, 4MB 0 [ 2.146500][ T0] Last level dTLB entries: 4KB 0, 2MB 0, 4MB 0, 1GB 0 [ 2.151588][ T0] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization [ 2.158763][ T0] Spectre V2 : WARNING: Unprivileged eBPF is enabled with eIBRS on, data leaks possible via Spectre v2 BHB attacks! [ 2.161537][ T0] Spectre V2 : Spectre BHI mitigation: SW BHB clearing on vm exit [ 2.171523][ T0] Spectre V2 : Spectre BHI mitigation: SW BHB clearing on syscall [ 2.177388][ T0] Spectre V2 : Mitigation: Enhanced / Automatic IBRS [ 2.181524][ T0] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch [ 2.191524][ T0] Spectre V2 : Spectre v2 / PBRSB-eIBRS: Retire a single CALL on VMEXIT [ 2.197828][ T0] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier [ 2.201609][ T0] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl [ 2.211580][ T0] MMIO Stale Data: Vulnerable: Clear CPU buffers attempted, no microcode [ 2.217256][ T0] GDS: Unknown: Dependent on hypervisor status [ 2.221734][ T0] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' [ 2.227630][ T0] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' [ 2.231525][ T0] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' [ 2.236476][ T0] x86/fpu: Supporting XSAVE feature 0x020: 'AVX-512 opmask' [ 2.241524][ T0] x86/fpu: Supporting XSAVE feature 0x040: 'AVX-512 Hi256' [ 2.246509][ T0] x86/fpu: Supporting XSAVE feature 0x080: 'AVX-512 ZMM_Hi256' [ 2.251525][ T0] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256 [ 2.256355][ T0] x86/fpu: xstate_offset[5]: 832, xstate_sizes[5]: 64 [ 2.261524][ T0] x86/fpu: xstate_offset[6]: 896, xstate_sizes[6]: 512 [ 2.266434][ T0] x86/fpu: xstate_offset[7]: 1408, xstate_sizes[7]: 1024 [ 2.271524][ T0] x86/fpu: Enabled xstate features 0xe7, context size is 2432 bytes, using 'compacted' format. [ 2.499575][ T0] Freeing SMP alternatives memory: 120K [ 2.501528][ T0] pid_max: default: 32768 minimum: 301 [ 2.505857][ T0] LSM: initializing lsm=lockdown,capability,landlock,yama,safesetid,tomoyo,selinux,ima,evm [ 2.511707][ T0] landlock: Up and running. [ 2.514856][ T0] Yama: becoming mindful. [ 2.521569][ T0] TOMOYO Linux initialized [ 2.524713][ T0] SELinux: Initializing. [ 2.531235][ T0] Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes, vmalloc hugepage) [ 2.545633][ T0] Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes, vmalloc) [ 2.551789][ T0] Mount-cache hash table entries: 8192 (order: 4, 65536 bytes, vmalloc) [ 2.557137][ T0] Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes, vmalloc) [ 2.566847][ T0] Running RCU synchronous self tests [ 2.570183][ T0] Running RCU synchronous self tests [ 2.572741][ T1] smpboot: CPU0: Intel(R) Xeon(R) CPU @ 2.60GHz (family: 0x6, model: 0x6a, stepping: 0x6) [ 2.594357][ T1] Running RCU Tasks wait API self tests [ 2.598207][ T1] Running RCU Tasks Trace wait API self tests [ 2.601652][ T1] Performance Events: unsupported p6 CPU model 106 no PMU driver, software events only. [ 2.607810][ T1] signal: max sigframe size: 3632 [ 2.612095][ T1] rcu: Hierarchical SRCU implementation. [ 2.615618][ T1] rcu: Max phase no-delay instances is 1000. [ 2.621963][ T15] Callback from call_rcu_tasks_trace() invoked. [ 2.634992][ T1] NMI watchdog: Perf NMI watchdog permanently disabled [ 2.651601][ T1] smp: Bringing up secondary CPUs ... [ 2.657294][ T1] smpboot: x86: Booting SMP configuration: [ 2.660585][ T1] .... node #0, CPUs: #2 [ 2.664467][ T1] #1 #3 [ 2.683866][ T1] MMIO Stale Data CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html for more details. [ 2.691905][ T1] smp: Brought up 2 nodes, 4 CPUs [ 2.694514][ T1] smpboot: Total of 4 processors activated (20800.22 BogoMIPS) [ 2.704714][ T1] devtmpfs: initialized [ 2.706321][ T1] x86/mm: Memory block size: 128MB [ 2.767758][ T1] Running RCU synchronous self tests [ 2.771605][ T1] Running RCU synchronous self tests [ 2.775479][ T1] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns [ 2.782696][ T1] futex hash table entries: 2048 (order: 6, 262144 bytes, vmalloc) [ 2.794280][ T1] PM: RTC time: 06:30:33, date: 2024-07-04 [ 2.801682][ T1] NET: Registered PF_NETLINK/PF_ROUTE protocol family [ 2.811965][ T14] Callback from call_rcu_tasks() invoked. [ 2.816207][ T1] audit: initializing netlink subsys (disabled) [ 2.828261][ T39] audit: type=2000 audit(1720074634.491:1): state=initialized audit_enabled=0 res=1 [ 2.832068][ T1] thermal_sys: Registered thermal governor 'step_wise' [ 2.837646][ T1] thermal_sys: Registered thermal governor 'user_space' [ 2.841538][ T1] cpuidle: using governor menu [ 2.845387][ T1] NET: Registered PF_QIPCRTR protocol family [ 2.858387][ T1] dca service started, version 1.12.1 [ 2.862197][ T1] PCI: ECAM [mem 0xb0000000-0xbfffffff] (base 0xb0000000) for domain 0000 [bus 00-ff] [ 2.869003][ T1] PCI: ECAM [mem 0xb0000000-0xbfffffff] reserved as E820 entry [ 3.007532][ T1] PCI: Using configuration type 1 for base access [ 3.032675][ T1] HugeTLB: registered 1.00 GiB page size, pre-allocated 0 pages [ 3.035909][ T1] HugeTLB: 16380 KiB vmemmap can be freed for a 1.00 GiB page [ 3.041540][ T1] HugeTLB: registered 2.00 MiB page size, pre-allocated 0 pages [ 3.045804][ T1] HugeTLB: 28 KiB vmemmap can be freed for a 2.00 MiB page [ 3.056680][ T1] Demotion targets for Node 0: null [ 3.056680][ T1] Demotion targets for Node 1: null [ 3.062694][ T1] cryptd: max_cpu_qlen set to 1000 [ 3.073336][ T1] raid6: skipped pq benchmark and selected avx512x4 [ 3.077101][ T1] raid6: using avx512x2 recovery algorithm [ 3.077101][ T1] ACPI: Added _OSI(Module Device) [ 3.079270][ T1] ACPI: Added _OSI(Processor Device) [ 3.081660][ T1] ACPI: Added _OSI(3.0 _SCP Extensions) [ 3.084781][ T1] ACPI: Added _OSI(Processor Aggregator Device) [ 3.230237][ T1] ACPI: 2 ACPI AML tables successfully acquired and loaded [ 3.252477][ T1] ACPI: _OSC evaluation for CPUs failed, trying _PDC [ 3.273771][ T1] ACPI: Interpreter enabled [ 3.277026][ T1] ACPI: PM: (supports S0 S3 S4 S5) [ 3.280614][ T1] ACPI: Using IOAPIC for interrupt routing [ 3.282660][ T1] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug [ 3.291544][ T1] PCI: Using E820 reservations for host bridge windows [ 3.305868][ T1] ACPI: Enabled 4 GPEs in block 00 to 3F [ 3.543496][ T1] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff]) [ 3.547697][ T1] acpi PNP0A08:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI HPX-Type3] [ 3.555770][ T1] acpi PNP0A08:00: _OSC: platform does not support [PCIeHotplug LTR] [ 3.567665][ T1] acpi PNP0A08:00: _OSC: OS now controls [PME AER PCIeCapability] [ 3.573950][ T1] PCI host bridge to bus 0000:00 [ 3.576763][ T1] pci_bus 0000:00: Unknown NUMA node; performance will be reduced [ 3.581242][ T1] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window] [ 3.581548][ T1] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window] [ 3.586023][ T1] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window] [ 3.591572][ T1] pci_bus 0000:00: root bus resource [mem 0x80000000-0xafffffff window] [ 3.597469][ T1] pci_bus 0000:00: root bus resource [mem 0xc0000000-0xfebfffff window] [ 3.611552][ T1] pci_bus 0000:00: root bus resource [mem 0x380000000000-0x38080000bfff window] [ 3.616584][ T1] pci_bus 0000:00: root bus resource [bus 00-ff] [ 3.620961][ T1] pci 0000:00:00.0: [8086:29c0] type 00 class 0x060000 conventional PCI endpoint [ 3.628504][ T1] pci 0000:00:01.0: [1af4:1050] type 00 class 0x030000 conventional PCI endpoint [ 3.636699][ T1] pci 0000:00:01.0: BAR 0 [mem 0xfe000000-0xfe7fffff pref] [ 3.646677][ T1] pci 0000:00:01.0: BAR 2 [mem 0x380800000000-0x380800003fff 64bit pref] [ 3.654414][ T1] pci 0000:00:01.0: BAR 4 [mem 0xfeaf4000-0xfeaf4fff] [ 3.663025][ T1] pci 0000:00:01.0: ROM [mem 0xfeae0000-0xfeaeffff pref] [ 3.668242][ T1] pci 0000:00:01.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff] [ 3.688354][ T1] pci 0000:00:02.0: [8086:10d3] type 00 class 0x020000 PCIe Root Complex Integrated Endpoint [ 3.693545][ T1] pci 0000:00:02.0: BAR 0 [mem 0xfea80000-0xfea9ffff] [ 3.699379][ T1] pci 0000:00:02.0: BAR 1 [mem 0xfeaa0000-0xfeabffff] [ 3.703234][ T1] pci 0000:00:02.0: BAR 2 [io 0xc080-0xc09f] [ 3.708333][ T1] pci 0000:00:02.0: BAR 3 [mem 0xfeaf0000-0xfeaf3fff] [ 3.718377][ T1] pci 0000:00:02.0: ROM [mem 0xfea00000-0xfea3ffff pref] [ 3.739911][ T1] pci 0000:00:03.0: [1af4:1005] type 00 class 0x00ff00 conventional PCI endpoint [ 3.743295][ T1] pci 0000:00:03.0: BAR 0 [io 0xc0a0-0xc0bf] [ 3.749434][ T1] pci 0000:00:03.0: BAR 1 [mem 0xfeaf5000-0xfeaf5fff] [ 3.764835][ T1] pci 0000:00:03.0: BAR 4 [mem 0x380800004000-0x380800007fff 64bit pref] [ 3.783260][ T1] pci 0000:00:04.0: [8086:3420] type 01 class 0x060400 PCIe Root Port [ 3.794963][ T1] pci 0000:00:04.0: PCI bridge to [bus 01] [ 3.799339][ T1] pci 0000:00:04.0: bridge window [mem 0xfe800000-0xfe9fffff] [ 3.802758][ T1] pci 0000:00:04.0: bridge window [mem 0x380000000000-0x3807ffffffff 64bit pref] [ 3.819729][ T1] pci 0000:00:05.0: [1af4:1009] type 00 class 0x000200 conventional PCI endpoint [ 3.834233][ T1] pci 0000:00:05.0: BAR 0 [io 0xc0c0-0xc0df] [ 3.841282][ T1] pci 0000:00:05.0: BAR 1 [mem 0xfeaf6000-0xfeaf6fff] [ 3.848135][ T1] pci 0000:00:05.0: BAR 4 [mem 0x380800008000-0x38080000bfff 64bit pref] [ 3.865230][ T1] pci 0000:00:06.0: [8086:100e] type 00 class 0x020000 conventional PCI endpoint [ 3.872472][ T1] pci 0000:00:06.0: BAR 0 [mem 0xfeac0000-0xfeadffff] [ 3.878447][ T1] pci 0000:00:06.0: BAR 1 [io 0xc000-0xc03f] [ 3.889092][ T1] pci 0000:00:06.0: ROM [mem 0xfea40000-0xfea7ffff pref] [ 3.907112][ T1] pci 0000:00:1d.0: [8086:2934] type 00 class 0x0c0300 conventional PCI endpoint [ 3.916943][ T1] pci 0000:00:1d.0: BAR 4 [io 0xc0e0-0xc0ff] [ 3.928591][ T1] pci 0000:00:1d.1: [8086:2935] type 00 class 0x0c0300 conventional PCI endpoint [ 3.936028][ T1] pci 0000:00:1d.1: BAR 4 [io 0xc100-0xc11f] [ 3.945178][ T1] pci 0000:00:1d.2: [8086:2936] type 00 class 0x0c0300 conventional PCI endpoint [ 3.954416][ T1] pci 0000:00:1d.2: BAR 4 [io 0xc120-0xc13f] [ 3.965035][ T1] pci 0000:00:1d.7: [8086:293a] type 00 class 0x0c0320 conventional PCI endpoint [ 3.971079][ T1] pci 0000:00:1d.7: BAR 0 [mem 0xfeaf7000-0xfeaf7fff] [ 3.979283][ T1] pci 0000:00:1f.0: [8086:2918] type 00 class 0x060100 conventional PCI endpoint [ 3.994289][ T1] pci 0000:00:1f.0: quirk: [io 0x0600-0x067f] claimed by ICH6 ACPI/GPIO/TCO [ 4.003528][ T1] pci 0000:00:1f.2: [8086:2922] type 00 class 0x010601 conventional PCI endpoint [ 4.017719][ T1] pci 0000:00:1f.2: BAR 4 [io 0xc140-0xc15f] [ 4.022757][ T1] pci 0000:00:1f.2: BAR 5 [mem 0xfeaf8000-0xfeaf8fff] [ 4.029365][ T1] pci 0000:00:1f.3: [8086:2930] type 00 class 0x0c0500 conventional PCI endpoint [ 4.048582][ T1] pci 0000:00:1f.3: BAR 4 [io 0x0700-0x073f] [ 4.059225][ T1] pci 0000:00:04.0: PCI bridge to [bus 01] [ 4.078288][ T1] ACPI: PCI: Interrupt link LNKA configured for IRQ 10 [ 4.085905][ T1] ACPI: PCI: Interrupt link LNKB configured for IRQ 10 [ 4.093789][ T1] ACPI: PCI: Interrupt link LNKC configured for IRQ 11 [ 4.101579][ T1] ACPI: PCI: Interrupt link LNKD configured for IRQ 11 [ 4.109913][ T1] ACPI: PCI: Interrupt link LNKE configured for IRQ 10 [ 4.121952][ T1] ACPI: PCI: Interrupt link LNKF configured for IRQ 10 [ 4.126517][ T1] ACPI: PCI: Interrupt link LNKG configured for IRQ 11 [ 4.133101][ T1] ACPI: PCI: Interrupt link LNKH configured for IRQ 11 [ 4.138407][ T1] ACPI: PCI: Interrupt link GSIA configured for IRQ 16 [ 4.142067][ T1] ACPI: PCI: Interrupt link GSIB configured for IRQ 17 [ 4.146422][ T1] ACPI: PCI: Interrupt link GSIC configured for IRQ 18 [ 4.150918][ T1] ACPI: PCI: Interrupt link GSID configured for IRQ 19 [ 4.152056][ T1] ACPI: PCI: Interrupt link GSIE configured for IRQ 20 [ 4.156439][ T1] ACPI: PCI: Interrupt link GSIF configured for IRQ 21 [ 4.160833][ T1] ACPI: PCI: Interrupt link GSIG configured for IRQ 22 [ 4.172027][ T1] ACPI: PCI: Interrupt link GSIH configured for IRQ 23 [ 4.213495][ T1] iommu: Default domain type: Translated [ 4.215487][ T1] iommu: DMA domain TLB invalidation policy: lazy mode [ 4.228978][ T1] SCSI subsystem initialized [ 4.234153][ T1] ACPI: bus type USB registered [ 4.241588][ T1] usbcore: registered new interface driver usbfs [ 4.241927][ T1] usbcore: registered new interface driver hub [ 4.246868][ T1] usbcore: registered new device driver usb [ 4.253885][ T1] mc: Linux media interface: v0.10 [ 4.257941][ T1] videodev: Linux video capture interface: v2.00 [ 4.272696][ T1] pps_core: LinuxPPS API ver. 1 registered [ 4.276955][ T1] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti [ 4.281690][ T1] PTP clock support registered [ 4.286152][ T1] EDAC MC: Ver: 3.0.0 [ 4.294950][ T1] Advanced Linux Sound Architecture Driver Initialized. [ 4.308744][ T1] Bluetooth: Core ver 2.22 [ 4.311914][ T1] NET: Registered PF_BLUETOOTH protocol family [ 4.316176][ T1] Bluetooth: HCI device and connection manager initialized [ 4.321137][ T1] Bluetooth: HCI socket layer initialized [ 4.321560][ T1] Bluetooth: L2CAP socket layer initialized [ 4.325763][ T1] Bluetooth: SCO socket layer initialized [ 4.329862][ T1] NET: Registered PF_ATMPVC protocol family [ 4.341547][ T1] NET: Registered PF_ATMSVC protocol family [ 4.346223][ T1] NetLabel: Initializing [ 4.349170][ T1] NetLabel: domain hash size = 128 [ 4.351536][ T1] NetLabel: protocols = UNLABELED CIPSOv4 CALIPSO [ 4.356689][ T1] NetLabel: unlabeled traffic allowed by default [ 4.364408][ T1] nfc: nfc_init: NFC Core ver 0.1 [ 4.368447][ T1] NET: Registered PF_NFC protocol family [ 4.371656][ T1] PCI: Using ACPI for IRQ routing [ 4.822225][ T1] pci 0000:00:01.0: vgaarb: setting as boot VGA device [ 4.827094][ T1] pci 0000:00:01.0: vgaarb: bridge control possible [ 4.831515][ T1] pci 0000:00:01.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none [ 4.831570][ T1] vgaarb: loaded [ 4.839266][ T1] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0 [ 4.851536][ T1] hpet0: 3 comparators, 64-bit 100.000000 MHz counter [ 4.861692][ T1] clocksource: Switched to clocksource kvm-clock [ 4.876700][ T1] VFS: Disk quotas dquot_6.6.0 [ 4.880389][ T1] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes) [ 4.890814][ T1] netfs: FS-Cache loaded [ 4.911324][ T1] CacheFiles: Loaded [ 4.914947][ T1] TOMOYO: 2.6.0 [ 4.917426][ T1] Mandatory Access Control activated. [ 4.922449][ T1] pnp: PnP ACPI init [ 4.935650][ T1] system 00:06: [mem 0xb0000000-0xbfffffff window] has been reserved [ 4.965612][ T1] pnp: PnP ACPI: found 7 devices [ 5.023825][ T1] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns [ 5.031939][ T1] NET: Registered PF_INET protocol family [ 5.038852][ T1] IP idents hash table entries: 65536 (order: 7, 524288 bytes, vmalloc) [ 5.052781][ T1] tcp_listen_portaddr_hash hash table entries: 2048 (order: 5, 147456 bytes, vmalloc) [ 5.060694][ T1] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, vmalloc) [ 5.068040][ T1] TCP established hash table entries: 32768 (order: 6, 262144 bytes, vmalloc) [ 5.080246][ T1] TCP bind hash table entries: 32768 (order: 10, 4718592 bytes, vmalloc hugepage) [ 5.087414][ T1] TCP: Hash tables configured (established 32768 bind 32768) [ 5.094564][ T1] MPTCP token hash table entries: 4096 (order: 6, 360448 bytes, vmalloc) [ 5.100378][ T1] UDP hash table entries: 2048 (order: 6, 327680 bytes, vmalloc) [ 5.105798][ T1] UDP-Lite hash table entries: 2048 (order: 6, 327680 bytes, vmalloc) [ 5.111464][ T1] NET: Registered PF_UNIX/PF_LOCAL protocol family [ 5.117654][ T1] RPC: Registered named UNIX socket transport module. [ 5.121757][ T1] RPC: Registered udp transport module. [ 5.125884][ T1] RPC: Registered tcp transport module. [ 5.129779][ T1] RPC: Registered tcp-with-tls transport module. [ 5.134323][ T1] RPC: Registered tcp NFSv4.1 backchannel transport module. [ 5.143381][ T1] NET: Registered PF_XDP protocol family [ 5.146968][ T1] pci 0000:00:04.0: bridge window [io 0x1000-0x0fff] to [bus 01] add_size 1000 [ 5.153441][ T1] pci 0000:00:04.0: bridge window [io 0x1000-0x1fff]: assigned [ 5.158917][ T1] pci 0000:00:04.0: PCI bridge to [bus 01] [ 5.162588][ T1] pci 0000:00:04.0: bridge window [io 0x1000-0x1fff] [ 5.168090][ T1] pci 0000:00:04.0: bridge window [mem 0xfe800000-0xfe9fffff] [ 5.173618][ T1] pci 0000:00:04.0: bridge window [mem 0x380000000000-0x3807ffffffff 64bit pref] [ 5.181073][ T1] pci_bus 0000:00: resource 4 [io 0x0000-0x0cf7 window] [ 5.185830][ T1] pci_bus 0000:00: resource 5 [io 0x0d00-0xffff window] [ 5.190978][ T1] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window] [ 5.196348][ T1] pci_bus 0000:00: resource 7 [mem 0x80000000-0xafffffff window] [ 5.201081][ T1] pci_bus 0000:00: resource 8 [mem 0xc0000000-0xfebfffff window] [ 5.206021][ T1] pci_bus 0000:00: resource 9 [mem 0x380000000000-0x38080000bfff window] [ 5.210854][ T1] pci_bus 0000:01: resource 0 [io 0x1000-0x1fff] [ 5.215417][ T1] pci_bus 0000:01: resource 1 [mem 0xfe800000-0xfe9fffff] [ 5.219936][ T1] pci_bus 0000:01: resource 2 [mem 0x380000000000-0x3807ffffffff 64bit pref] [ 5.259524][ T1] ACPI: \_SB_.GSIA: Enabled at IRQ 16 [ 5.299489][ T1] pci 0000:00:1d.0: quirk_usb_early_handoff+0x0/0x1440 took 71878 usecs [ 5.348121][ T1] ACPI: \_SB_.GSIB: Enabled at IRQ 17 [ 5.397660][ T1] pci 0000:00:1d.1: quirk_usb_early_handoff+0x0/0x1440 took 90738 usecs [ 5.426830][ T1] ACPI: \_SB_.GSIC: Enabled at IRQ 18 [ 5.455344][ T1] pci 0000:00:1d.2: quirk_usb_early_handoff+0x0/0x1440 took 51709 usecs [ 5.484762][ T1] ACPI: \_SB_.GSID: Enabled at IRQ 19 [ 5.513209][ T1] pci 0000:00:1d.7: quirk_usb_early_handoff+0x0/0x1440 took 51882 usecs [ 5.518483][ T1] PCI: CLS 0 bytes, default 64 [ 5.521664][ T1] DMAR: No RMRR found [ 5.524000][ T1] DMAR: No SATC found [ 5.526299][ T1] DMAR: dmar0: Using Queued invalidation [ 5.532006][ T1] pci 0000:00:00.0: Adding to iommu group 0 [ 5.532998][ T74] kworker/u32:1 (74) used greatest stack depth: 27952 bytes left [ 5.535799][ T1] pci 0000:00:01.0: Adding to iommu group 1 [ 5.544021][ T1] pci 0000:00:02.0: Adding to iommu group 2 [ 5.547624][ T1] pci 0000:00:03.0: Adding to iommu group 3 [ 5.551170][ T1] pci 0000:00:04.0: Adding to iommu group 4 [ 5.554944][ T1] pci 0000:00:05.0: Adding to iommu group 5 [ 5.558468][ T1] pci 0000:00:06.0: Adding to iommu group 6 [ 5.562164][ T1] pci 0000:00:1d.0: Adding to iommu group 7 [ 5.565736][ T1] pci 0000:00:1d.1: Adding to iommu group 7 [ 5.569214][ T1] pci 0000:00:1d.2: Adding to iommu group 7 [ 5.572694][ T1] pci 0000:00:1d.7: Adding to iommu group 7 [ 5.576919][ T1] pci 0000:00:1f.0: Adding to iommu group 8 [ 5.581270][ T1] pci 0000:00:1f.2: Adding to iommu group 8 [ 5.585648][ T1] pci 0000:00:1f.3: Adding to iommu group 8 [ 5.635235][ T1] DMAR: Intel(R) Virtualization Technology for Directed I/O [ 5.640482][ T1] PCI-DMA: Using software bounce buffering for IO (SWIOTLB) [ 5.645942][ T1] software IO TLB: mapped [mem 0x0000000067000000-0x000000006b000000] (64MB) [ 5.652368][ T1] ACPI: bus type thunderbolt registered [ 5.662288][ T1] RAPL PMU: API unit is 2^-32 Joules, 0 fixed counters, 10737418240 ms ovfl timer [ 5.714742][ T1] kvm_amd: CPU 2 isn't AMD or Hygon [ 5.718471][ T1] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x257a5699b94, max_idle_ns: 440795293402 ns [ 5.725110][ T1] clocksource: Switched to clocksource tsc [ 5.767811][ T99] kworker/u32:1 (99) used greatest stack depth: 26960 bytes left [ 6.545104][ T1] Initialise system trusted keyrings [ 6.549678][ T1] workingset: timestamp_bits=40 max_order=20 bucket_order=0 [ 6.557763][ T1] DLM installed [ 6.562472][ T1] squashfs: version 4.0 (2009/01/31) Phillip Lougher [ 6.570081][ T1] NFS: Registering the id_resolver key type [ 6.573585][ T1] Key type id_resolver registered [ 6.576647][ T1] Key type id_legacy registered [ 6.579597][ T1] nfs4filelayout_init: NFSv4 File Layout Driver Registering... [ 6.584132][ T1] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering... [ 6.598128][ T1] Key type cifs.spnego registered [ 6.601797][ T1] Key type cifs.idmap registered [ 6.605266][ T1] ntfs3: Enabled Linux POSIX ACLs support [ 6.608668][ T1] ntfs3: Read-only LZX/Xpress compression included [ 6.612768][ T1] efs: 1.0a - http://aeschi.ch.eu.org/efs/ [ 6.616168][ T1] jffs2: version 2.2. (NAND) (SUMMARY) © 2001-2006 Red Hat, Inc. [ 6.623665][ T1] romfs: ROMFS MTD (C) 2007 Red Hat, Inc. [ 6.627186][ T1] QNX4 filesystem 0.2.3 registered. [ 6.630497][ T1] qnx6: QNX6 filesystem 1.0.0 registered. [ 6.634409][ T1] fuse: init (API version 7.40) [ 6.639390][ T1] orangefs_debugfs_init: called with debug mask: :none: :0: [ 6.644499][ T1] orangefs_init: module version upstream loaded [ 6.649990][ T1] JFS: nTxBlock = 8192, nTxLock = 65536 [ 6.679333][ T1] SGI XFS with ACLs, security attributes, realtime, quota, no debug enabled [ 6.688066][ T1] 9p: Installing v9fs 9p2000 file system support [ 6.693042][ T1] NILFS version 2 loaded [ 6.695742][ T1] befs: version: 0.9.3 [ 6.698929][ T1] ocfs2: Registered cluster interface o2cb [ 6.703708][ T1] ocfs2: Registered cluster interface user [ 6.707816][ T1] OCFS2 User DLM kernel interface loaded [ 6.724000][ T1] gfs2: GFS2 installed [ 6.735929][ T1] ceph: loaded (mds proto 32) [ 6.777413][ T1] NET: Registered PF_ALG protocol family [ 6.781867][ T1] xor: automatically using best checksumming function avx [ 6.787902][ T1] async_tx: api initialized (async) [ 6.791865][ T1] Key type asymmetric registered [ 6.795751][ T1] Asymmetric key parser 'x509' registered [ 6.800012][ T1] Asymmetric key parser 'pkcs8' registered [ 6.804236][ T1] Key type pkcs7_test registered [ 6.808169][ T1] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239) [ 6.815057][ T1] io scheduler mq-deadline registered [ 6.818951][ T1] io scheduler kyber registered [ 6.822533][ T1] io scheduler bfq registered [ 6.881899][ T1] ACPI: \_SB_.GSIE: Enabled at IRQ 20 [ 6.894990][ T1] pcieport 0000:00:04.0: PME: Signaling with IRQ 25 [ 6.904466][ T1] pcieport 0000:00:04.0: AER: enabled with IRQ 26 [ 6.914206][ T1] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0 [ 6.921208][ T1] ACPI: button: Power Button [PWRF] [ 7.388629][ T1] ioatdma: Intel(R) QuickData Technology Driver 5.00 [ 7.448767][ T1] ACPI: \_SB_.GSIF: Enabled at IRQ 21 [ 7.513658][ T1] ACPI: \_SB_.GSIH: Enabled at IRQ 23 [ 7.966027][ T1] N_HDLC line discipline registered with maxframe=4096 [ 7.971286][ T1] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled [ 7.981575][ T1] 00:04: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A [ 8.028572][ T1] Non-volatile memory driver v1.3 [ 8.039962][ T1] Linux agpgart interface v0.103 [ 8.047171][ T1] ACPI: bus type drm_connector registered [ 8.054925][ T1] [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0 [ 8.066632][ T1] [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1 [ 8.175561][ T1] Console: switching to colour frame buffer device 128x48 [ 8.199469][ T1] platform vkms: [drm] fb0: vkmsdrmfb frame buffer device [ 8.205708][ T1] usbcore: registered new interface driver udl [ 8.211252][ T1] [drm] pci: virtio-vga detected at 0000:00:01.0 [ 8.216048][ T1] virtio-pci 0000:00:01.0: vgaarb: deactivate vga console [ 8.222801][ T1] [drm] features: -virgl +edid -resource_blob -host_visible [ 8.222816][ T1] [drm] features: -context_init [ 8.240824][ T1] [drm] number of scanouts: 1 [ 8.244384][ T1] [drm] number of cap sets: 0 [ 8.256295][ T1] [drm] Initialized virtio_gpu 0.1.0 0 for 0000:00:01.0 on minor 2 [ 8.323614][ T1] fbcon: virtio_gpudrmfb (fb1) is primary device [ 8.323638][ T1] fbcon: Remapping primary device, fb1, to tty 1-63 [ 286.674463][ T40] INFO: task swapper/0:1 blocked for more than 143 seconds. [ 286.674491][ T40] Not tainted 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 [ 286.674503][ T40] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.674510][ T40] task:swapper/0 state:D stack:22256 pid:1 tgid:1 ppid:0 flags:0x00004000 [ 286.674539][ T40] Call Trace: [ 286.674546][ T40] [ 286.674555][ T40] __schedule+0xf15/0x5d00 [ 286.674626][ T40] ? __pfx___lock_acquire+0x10/0x10 [ 286.674652][ T40] ? __pfx___lock_acquire+0x10/0x10 [ 286.674679][ T40] ? __pfx___schedule+0x10/0x10 [ 286.674697][ T40] ? schedule+0x298/0x350 [ 286.674716][ T40] ? __pfx_lock_release+0x10/0x10 [ 286.674756][ T40] ? __ww_mutex_lock.constprop.0+0xf50/0x2650 [ 286.674778][ T40] ? __mutex_trylock_common+0x78/0x250 [ 286.674796][ T40] schedule+0xe7/0x350 [ 286.674807][ T40] schedule_preempt_disabled+0x13/0x30 [ 286.674819][ T40] __ww_mutex_lock.constprop.0+0xf55/0x2650 [ 286.674833][ T40] ? ret_from_fork+0x45/0x80 [ 286.674848][ T40] ? ret_from_fork_asm+0x1a/0x30 [ 286.674863][ T40] ? modeset_lock+0x488/0x6c0 [ 286.674876][ T40] ? __pfx___ww_mutex_lock.constprop.0+0x10/0x10 [ 286.674890][ T40] ? __pfx___might_resched+0x10/0x10 [ 286.674902][ T40] ? ww_mutex_lock+0x37/0x140 [ 286.674919][ T40] ww_mutex_lock+0x37/0x140 [ 286.674932][ T40] modeset_lock+0x488/0x6c0 [ 286.674945][ T40] drm_modeset_lock+0x59/0x90 [ 286.674959][ T40] drm_atomic_get_plane_state+0x19d/0x590 [ 286.674976][ T40] drm_client_modeset_commit_atomic+0x246/0x810 [ 286.674992][ T40] ? trace_contention_end+0xea/0x140 [ 286.675003][ T40] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 286.675019][ T40] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 286.675033][ T40] drm_client_modeset_commit_locked+0x14d/0x580 [ 286.675049][ T40] drm_fb_helper_pan_display+0x2a5/0x990 [ 286.675063][ T40] fb_pan_display+0x477/0x7d0 [ 286.675077][ T40] ? __pfx_drm_fb_helper_pan_display+0x10/0x10 [ 286.675090][ T40] bit_update_start+0x49/0x1f0 [ 286.675103][ T40] fbcon_switch+0xbbf/0x12f0 [ 286.675115][ T40] ? __pfx_fbcon_switch+0x10/0x10 [ 286.675128][ T40] ? __pfx_bit_cursor+0x10/0x10 [ 286.675141][ T40] ? fbcon_cursor+0x3bf/0x520 [ 286.675153][ T40] ? is_console_locked+0x9/0x20 [ 286.675167][ T40] ? con_is_visible+0x65/0x150 [ 286.675183][ T40] redraw_screen+0x2bf/0x760 [ 286.675194][ T40] ? fbcon_prepare_logo+0x8e5/0xc70 [ 286.675206][ T40] ? __pfx_redraw_screen+0x10/0x10 [ 286.675218][ T40] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 286.675230][ T40] set_con2fb_map+0x796/0x1060 [ 286.675244][ T40] fbcon_fb_registered+0x21d/0x6a0 [ 286.675257][ T40] ? fb_var_to_videomode+0x4c9/0x690 [ 286.675272][ T40] register_framebuffer+0x485/0x840 [ 286.675286][ T40] ? __pfx_register_framebuffer+0x10/0x10 [ 286.675301][ T40] ? drm_fbdev_generic_helper_fb_probe+0x49e/0x680 [ 286.675318][ T40] __drm_fb_helper_initial_config_and_unlock+0xd56/0x1620 [ 286.675333][ T40] ? __pfx___mutex_lock+0x10/0x10 [ 286.675346][ T40] ? __pfx___drm_fb_helper_initial_config_and_unlock+0x10/0x10 [ 286.675360][ T40] drm_fb_helper_initial_config+0x44/0x60 [ 286.675378][ T40] drm_fbdev_generic_client_hotplug+0x1a6/0x280 [ 286.675403][ T40] ? __pfx_drm_fbdev_generic_client_hotplug+0x10/0x10 [ 286.675428][ T40] drm_client_register+0x195/0x280 [ 286.675448][ T40] drm_fbdev_generic_setup+0x184/0x340 [ 286.675467][ T40] virtio_gpu_probe+0x29d/0x4e0 [ 286.675489][ T40] virtio_dev_probe+0x5ff/0x9b0 [ 286.675507][ T40] ? __pfx_virtio_dev_probe+0x10/0x10 [ 286.675521][ T40] really_probe+0x23e/0xa90 [ 286.675537][ T40] __driver_probe_device+0x1de/0x440 [ 286.675550][ T40] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 286.675562][ T40] driver_probe_device+0x4c/0x1b0 [ 286.675576][ T40] __driver_attach+0x283/0x580 [ 286.675589][ T40] ? __pfx___driver_attach+0x10/0x10 [ 286.675602][ T40] bus_for_each_dev+0x13c/0x1d0 [ 286.675614][ T40] ? __pfx_bus_for_each_dev+0x10/0x10 [ 286.675625][ T40] bus_add_driver+0x2e9/0x690 [ 286.675638][ T40] driver_register+0x15c/0x4b0 [ 286.675652][ T40] ? __register_virtio_driver+0x56/0x100 [ 286.675665][ T40] ? __pfx_virtio_gpu_driver_init+0x10/0x10 [ 286.675679][ T40] do_one_initcall+0x128/0x700 [ 286.675695][ T40] ? __pfx_do_one_initcall+0x10/0x10 [ 286.675718][ T40] ? trace_kmalloc+0x2d/0xe0 [ 286.675740][ T40] ? __kmalloc_noprof+0x20b/0x410 [ 286.675758][ T40] kernel_init_freeable+0x69d/0xca0 [ 286.675785][ T40] ? __pfx_kernel_init+0x10/0x10 [ 286.675811][ T40] kernel_init+0x1c/0x2b0 [ 286.675837][ T40] ? __pfx_kernel_init+0x10/0x10 [ 286.675861][ T40] ret_from_fork+0x45/0x80 [ 286.675881][ T40] ? __pfx_kernel_init+0x10/0x10 [ 286.675896][ T40] ret_from_fork_asm+0x1a/0x30 [ 286.675915][ T40] [ 286.675922][ T40] INFO: task kworker/0:1:10 blocked for more than 143 seconds. [ 286.675929][ T40] Not tainted 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 [ 286.675936][ T40] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.675940][ T40] task:kworker/0:1 state:D stack:26416 pid:10 tgid:10 ppid:2 flags:0x00004000 [ 286.675960][ T40] Workqueue: events virtio_gpu_dequeue_ctrl_func [ 286.675976][ T40] Call Trace: [ 286.675980][ T40] [ 286.675985][ T40] __schedule+0xf15/0x5d00 [ 286.675996][ T40] ? __pfx_mark_lock+0x10/0x10 [ 286.676011][ T40] ? __pfx___schedule+0x10/0x10 [ 286.676022][ T40] ? schedule+0x298/0x350 [ 286.676032][ T40] ? __pfx_lock_release+0x10/0x10 [ 286.676047][ T40] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.676057][ T40] ? lockdep_hardirqs_on+0x7c/0x110 [ 286.676070][ T40] schedule+0xe7/0x350 [ 286.676081][ T40] schedule_preempt_disabled+0x13/0x30 [ 286.676093][ T40] __mutex_lock+0x5b8/0x9c0 [ 286.676105][ T40] ? call_usermodehelper_setup+0x252/0x340 [ 286.676117][ T40] ? kobject_uevent_env+0x2db/0x1810 [ 286.676131][ T40] ? drm_client_dev_hotplug+0x169/0x3c0 [ 286.676143][ T40] ? __pfx___mutex_lock+0x10/0x10 [ 286.676156][ T40] ? preempt_schedule_thunk+0x1a/0x30 [ 286.676167][ T40] ? drm_client_dev_hotplug+0x169/0x3c0 [ 286.676179][ T40] drm_client_dev_hotplug+0x169/0x3c0 [ 286.676192][ T40] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 286.676204][ T40] virtio_gpu_cmd_get_display_info_cb+0x3e1/0x550 [ 286.676219][ T40] ? __pfx_virtio_gpu_cmd_get_display_info_cb+0x10/0x10 [ 286.676234][ T40] virtio_gpu_dequeue_ctrl_func+0x209/0x7d0 [ 286.676250][ T40] ? __pfx_virtio_gpu_dequeue_ctrl_func+0x10/0x10 [ 286.676266][ T40] process_one_work+0x9c5/0x1b40 [ 286.676278][ T40] ? __pfx_lock_acquire+0x10/0x10 [ 286.676292][ T40] ? __pfx_process_one_work+0x10/0x10 [ 286.676303][ T40] ? assign_work+0x1a0/0x250 [ 286.676318][ T40] worker_thread+0x6c8/0xf30 [ 286.676329][ T40] ? __kthread_parkme+0x148/0x220 [ 286.676342][ T40] ? __pfx_worker_thread+0x10/0x10 [ 286.676352][ T40] kthread+0x2c1/0x3a0 [ 286.676364][ T40] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.676374][ T40] ? __pfx_kthread+0x10/0x10 [ 286.676386][ T40] ret_from_fork+0x45/0x80 [ 286.676400][ T40] ? __pfx_kthread+0x10/0x10 [ 286.676412][ T40] ret_from_fork_asm+0x1a/0x30 [ 286.676427][ T40] [ 286.676445][ T40] INFO: task kworker/0:2:823 blocked for more than 143 seconds. [ 286.676451][ T40] Not tainted 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 [ 286.676457][ T40] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.676461][ T40] task:kworker/0:2 state:D stack:26976 pid:823 tgid:823 ppid:2 flags:0x00004000 [ 286.676480][ T40] Workqueue: events drm_fb_helper_damage_work [ 286.676519][ T40] Call Trace: [ 286.676526][ T40] [ 286.676533][ T40] __schedule+0xf15/0x5d00 [ 286.676564][ T40] ? __pfx___schedule+0x10/0x10 [ 286.676598][ T40] ? __pfx___schedule+0x10/0x10 [ 286.676629][ T40] ? schedule+0x298/0x350 [ 286.676647][ T40] ? __pfx_lock_release+0x10/0x10 [ 286.676673][ T40] schedule+0xe7/0x350 [ 286.676691][ T40] virtio_gpu_queue_fenced_ctrl_buffer+0x497/0xff0 [ 286.676717][ T40] ? __pfx_virtio_gpu_queue_fenced_ctrl_buffer+0x10/0x10 [ 286.676734][ T40] ? trace_kmem_cache_alloc+0x2d/0xe0 [ 286.676748][ T40] ? kmem_cache_alloc_noprof+0x174/0x2f0 [ 286.676763][ T40] ? __pfx_autoremove_wake_function+0x10/0x10 [ 286.676779][ T40] ? __asan_memset+0x23/0x50 [ 286.676792][ T40] ? virtio_gpu_cmd_resource_flush+0x85/0x220 [ 286.676807][ T40] virtio_gpu_primary_plane_update+0x105d/0x1590 [ 286.676821][ T40] ? __pfx_virtio_gpu_primary_plane_update+0x10/0x10 [ 286.676837][ T40] ? drm_crtc_next_vblank_start+0x25d/0x300 [ 286.676862][ T40] drm_atomic_helper_commit_planes+0x93a/0x1000 [ 286.676893][ T40] drm_atomic_helper_commit_tail+0x69/0xf0 [ 286.676917][ T40] commit_tail+0x356/0x410 [ 286.676936][ T40] drm_atomic_helper_commit+0x2fd/0x380 [ 286.676957][ T40] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 286.676977][ T40] drm_atomic_commit+0x227/0x300 [ 286.677000][ T40] ? __pfx_drm_atomic_commit+0x10/0x10 [ 286.677021][ T40] ? __pfx___drm_printfn_info+0x10/0x10 [ 286.677037][ T40] ? modeset_lock+0x10e/0x6c0 [ 286.677049][ T40] drm_atomic_helper_dirtyfb+0x615/0x7b0 [ 286.677063][ T40] ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10 [ 286.677079][ T40] ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10 [ 286.677093][ T40] drm_fbdev_generic_helper_fb_dirty+0x7ad/0xbd0 [ 286.677105][ T40] ? __pfx_drm_fbdev_generic_helper_fb_dirty+0x10/0x10 [ 286.677116][ T40] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 286.677128][ T40] drm_fb_helper_damage_work+0x285/0x5e0 [ 286.677139][ T40] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 286.677151][ T40] process_one_work+0x9c5/0x1b40 [ 286.677162][ T40] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 286.677173][ T40] ? __pfx_process_one_work+0x10/0x10 [ 286.677184][ T40] ? assign_work+0x1a0/0x250 [ 286.677199][ T40] worker_thread+0x6c8/0xf30 [ 286.677210][ T40] ? __kthread_parkme+0x148/0x220 [ 286.677222][ T40] ? __pfx_worker_thread+0x10/0x10 [ 286.677232][ T40] kthread+0x2c1/0x3a0 [ 286.677244][ T40] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.677255][ T40] ? __pfx_kthread+0x10/0x10 [ 286.677267][ T40] ret_from_fork+0x45/0x80 [ 286.677280][ T40] ? __pfx_kthread+0x10/0x10 [ 286.677292][ T40] ret_from_fork_asm+0x1a/0x30 [ 286.677309][ T40] [ 286.677313][ T40] [ 286.677313][ T40] Showing all locks held in the system: [ 286.677318][ T40] 9 locks held by swapper/0/1: [ 286.677325][ T40] #0: ffff88801d9cf170 (&dev->mutex){....}-{3:3}, at: __driver_attach+0x278/0x580 [ 286.677356][ T40] #1: ffff88801fd0c2f8 (&dev->clientlist_mutex){+.+.}-{3:3}, at: drm_client_register+0x54/0x280 [ 286.677384][ T40] #2: ffffffff8e6e2bc8 (registration_lock){+.+.}-{3:3}, at: register_framebuffer+0x7a/0x840 [ 286.677413][ T40] #3: ffffffff8db9f2e0 (console_lock){+.+.}-{0:0}, at: fbcon_fb_registered+0x3c/0x6a0 [ 286.677440][ T40] #4: ffff88801f9e7280 (&helper->lock){+.+.}-{3:3}, at: drm_fb_helper_pan_display+0xd5/0x990 [ 286.677465][ T40] #5: ffff88801fd0c1b0 (&dev->master_mutex){+.+.}-{3:3}, at: drm_master_internal_acquire+0x21/0x80 [ 286.677496][ T40] #6: ffff88801f9e7098 (&client->modeset_mutex){+.+.}-{3:3}, at: drm_client_modeset_commit_locked+0x4c/0x580 [ 286.677525][ T40] #7: ffffc90000047318 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_client_modeset_commit_atomic+0xd0/0x810 [ 286.677553][ T40] #8: ffff88801fa860b0 (crtc_ww_class_mutex){+.+.}-{3:3}, at: modeset_lock+0x488/0x6c0 [ 286.677581][ T40] 3 locks held by kworker/0:1/10: [ 286.677588][ T40] #0: ffff888015488948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 286.677613][ T40] #1: ffffc900000d7d80 ((work_completion)(&vgvq->dequeue_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 286.677647][ T40] #2: ffff88801fd0c2f8 (&dev->clientlist_mutex){+.+.}-{3:3}, at: drm_client_dev_hotplug+0x169/0x3c0 [ 286.677692][ T40] 1 lock held by khungtaskd/40: [ 286.677701][ T40] #0: ffffffff8dbb1620 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 286.677745][ T40] 2 locks held by kworker/u32:3/63: [ 286.677751][ T40] #0: ffff888015491148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 286.677777][ T40] #1: ffffc90000af7d80 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 286.677806][ T40] 5 locks held by kworker/0:2/823: [ 286.677812][ T40] #0: ffff888015488948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 286.677837][ T40] #1: ffffc90005647d80 ((work_completion)(&helper->damage_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 286.677872][ T40] #2: ffffc90005647a10 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_atomic_helper_dirtyfb+0xb5/0x7b0 [ 286.677917][ T40] #3: ffff88801fa860b0 (crtc_ww_class_mutex){+.+.}-{3:3}, at: modeset_lock+0x488/0x6c0 [ 286.677945][ T40] #4: ffffffff8e81db10 (drm_unplug_srcu){.+.+}-{0:0}, at: drm_dev_enter+0x49/0x160 [ 286.677993][ T40] [ 286.677998][ T40] ============================================= [ 286.677998][ T40] [ 286.678007][ T40] Kernel panic - not syncing: hung_task: blocked tasks [ 286.678015][ T40] CPU: 1 PID: 40 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 [ 286.678032][ T40] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 286.678042][ T40] Call Trace: [ 286.678050][ T40] [ 286.678056][ T40] dump_stack_lvl+0x3d/0x1f0 [ 286.678076][ T40] panic+0x6f5/0x7a0 [ 286.678100][ T40] ? __pfx_panic+0x10/0x10 [ 286.678125][ T40] ? watchdog+0xd3d/0x1240 [ 286.678141][ T40] ? watchdog+0xd30/0x1240 [ 286.678157][ T40] watchdog+0xd4e/0x1240 [ 286.678174][ T40] ? __pfx_watchdog+0x10/0x10 [ 286.678184][ T40] ? lockdep_hardirqs_on+0x7c/0x110 [ 286.678196][ T40] ? __kthread_parkme+0x148/0x220 [ 286.678208][ T40] ? __pfx_watchdog+0x10/0x10 [ 286.678218][ T40] kthread+0x2c1/0x3a0 [ 286.678229][ T40] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.678239][ T40] ? __pfx_kthread+0x10/0x10 [ 286.678250][ T40] ret_from_fork+0x45/0x80 [ 286.678264][ T40] ? __pfx_kthread+0x10/0x10 [ 286.678275][ T40] ret_from_fork_asm+0x1a/0x30 [ 286.678290][ T40] [ 286.678891][ T40] Kernel Offset: disabled program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt-sendmsg$NLBL_MGMT_C_REMOVEDEF detailed listing: executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(0x0, r0) sendmsg$NLBL_MGMT_C_REMOVEDEF(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x34, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x22}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @initdev={0xac, 0x1e, 0x1, 0x0}}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}]}, 0x34}}, 0x0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt-sendmsg$NLBL_MGMT_C_REMOVEDEF detailed listing: executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_REMOVEDEF(r1, 0x0, 0x0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt-sendmsg$NLBL_MGMT_C_REMOVEDEF detailed listing: executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_REMOVEDEF(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) program did not crash testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt-sendmsg$NLBL_MGMT_C_REMOVEDEF detailed listing: executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_REMOVEDEF(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt-sendmsg$NLBL_MGMT_C_REMOVEDEF program did not crash simplifying guilty program options testing program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt-sendmsg$NLBL_MGMT_C_REMOVEDEF detailed listing: executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_REMOVEDEF(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x34, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x22}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @initdev={0xac, 0x1e, 0x1, 0x0}}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}]}, 0x34}}, 0x0) program crashed: KASAN: slab-use-after-free Read in __hci_req_sync extracting C reproducer testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt-sendmsg$NLBL_MGMT_C_REMOVEDEF program did not crash testing program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_generic-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt-sendmsg$NLBL_MGMT_C_REMOVEDEF detailed listing: executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_REMOVEDEF(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x34, r2, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x22}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @initdev={0xac, 0x1e, 0x1, 0x0}}, @NLBL_MGMT_A_DOMAIN={0xe, 0x1, 'NLBL_MGMT\x00'}]}, 0x34}}, 0x0) program did not crash reproducing took 30m10.617534921s repro crashed as (corrupted=false): ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline] BUG: KASAN: slab-use-after-free in refcount_read include/linux/refcount.h:136 [inline] BUG: KASAN: slab-use-after-free in skb_unref include/linux/skbuff.h:1222 [inline] BUG: KASAN: slab-use-after-free in __kfree_skb_reason net/core/skbuff.c:1195 [inline] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x36/0x210 net/core/skbuff.c:1222 Read of size 4 at addr ffff88801f12c364 by task syz-executor/6487 CPU: 1 PID: 6487 Comm: syz-executor Not tainted 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc3/0x620 mm/kasan/report.c:488 kasan_report+0xd9/0x110 mm/kasan/report.c:601 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189 instrument_atomic_read include/linux/instrumented.h:68 [inline] atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline] refcount_read include/linux/refcount.h:136 [inline] skb_unref include/linux/skbuff.h:1222 [inline] __kfree_skb_reason net/core/skbuff.c:1195 [inline] kfree_skb_reason+0x36/0x210 net/core/skbuff.c:1222 kfree_skb include/linux/skbuff.h:1257 [inline] __hci_req_sync+0x61d/0x980 net/bluetooth/hci_request.c:184 hci_req_sync+0x97/0xd0 net/bluetooth/hci_request.c:206 hci_dev_cmd+0x634/0x960 net/bluetooth/hci_core.c:787 hci_sock_ioctl+0x4f3/0x880 net/bluetooth/hci_sock.c:1150 sock_do_ioctl+0x116/0x280 net/socket.c:1222 sock_ioctl+0x22e/0x6c0 net/socket.c:1341 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f8509b757db Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 RSP: 002b:00007fffd8c74ed0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8509b757db RDX: 00007fffd8c74f48 RSI: 00000000400448dd RDI: 0000000000000003 RBP: 000055558349d4a8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000002 R13: 0000000000000002 R14: 0000000000000009 R15: 0000000000000009 Allocated by task 64: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [inline] __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:338 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3940 [inline] slab_alloc_node mm/slub.c:4002 [inline] kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4009 skb_clone+0x190/0x3f0 net/core/skbuff.c:2052 hci_send_cmd_sync net/bluetooth/hci_core.c:4123 [inline] hci_cmd_work+0x66a/0x710 net/bluetooth/hci_core.c:4143 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3248 process_scheduled_works kernel/workqueue.c:3329 [inline] worker_thread+0x6c8/0xf30 kernel/workqueue.c:3409 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 64: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579 poison_slab_object+0xf7/0x160 mm/kasan/common.c:240 __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2196 [inline] slab_free mm/slub.c:4438 [inline] kmem_cache_free+0x12f/0x3a0 mm/slub.c:4513 kfree_skbmem+0x10e/0x200 net/core/skbuff.c:1131 __kfree_skb net/core/skbuff.c:1188 [inline] kfree_skb_reason+0x138/0x210 net/core/skbuff.c:1223 kfree_skb include/linux/skbuff.h:1257 [inline] hci_req_sync_complete+0x16c/0x270 net/bluetooth/hci_request.c:109 hci_event_packet+0x963/0x1170 net/bluetooth/hci_event.c:7479 hci_rx_work+0x2c4/0x1610 net/bluetooth/hci_core.c:4074 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3248 process_scheduled_works kernel/workqueue.c:3329 [inline] worker_thread+0x6c8/0xf30 kernel/workqueue.c:3409 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 The buggy address belongs to the object at ffff88801f12c280 which belongs to the cache skbuff_head_cache of size 240 The buggy address is located 228 bytes inside of freed 240-byte region [ffff88801f12c280, ffff88801f12c370) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f12c head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffefff(slab) raw: 00fff00000000040 ffff888019298780 ffffea0000a7c680 dead000000000003 raw: 0000000000000000 0000000000190019 00000001ffffefff 0000000000000000 head: 00fff00000000040 ffff888019298780 ffffea0000a7c680 dead000000000003 head: 0000000000000000 0000000000190019 00000001ffffefff 0000000000000000 head: 00fff00000000001 ffffea00007c4b01 ffffffffffffffff 0000000000000000 head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 1, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6170, tgid 6170 (syz-executor), ts 319322108245, free_ts 319303442348 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1473 prep_new_page mm/page_alloc.c:1481 [inline] get_page_from_freelist+0x1353/0x2e50 mm/page_alloc.c:3425 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4683 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline] alloc_pages_node_noprof include/linux/gfp.h:296 [inline] alloc_slab_page+0x56/0x110 mm/slub.c:2265 allocate_slab mm/slub.c:2428 [inline] new_slab+0x84/0x260 mm/slub.c:2481 ___slab_alloc+0xdac/0x1870 mm/slub.c:3667 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3757 __slab_alloc_node mm/slub.c:3810 [inline] slab_alloc_node mm/slub.c:3990 [inline] kmem_cache_alloc_node_noprof+0xed/0x310 mm/slub.c:4045 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:656 alloc_skb include/linux/skbuff.h:1308 [inline] nlmsg_new include/net/netlink.h:1015 [inline] inet_netconf_notify_devconf+0x8b/0x1f0 net/ipv4/devinet.c:2133 __devinet_sysctl_register+0x223/0x360 net/ipv4/devinet.c:2608 devinet_sysctl_register net/ipv4/devinet.c:2642 [inline] devinet_sysctl_register+0x17b/0x200 net/ipv4/devinet.c:2632 inetdev_init+0x28b/0x580 net/ipv4/devinet.c:291 inetdev_event+0xd23/0x19b0 net/ipv4/devinet.c:1565 notifier_call_chain+0xb9/0x410 kernel/notifier.c:93 call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992 page last free pid 6170 tgid 6170 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1093 [inline] free_unref_page+0x64a/0xe40 mm/page_alloc.c:2588 mm_free_pgd kernel/fork.c:804 [inline] __mmdrop+0xd5/0x470 kernel/fork.c:920 mmdrop include/linux/sched/mm.h:55 [inline] mmdrop_sched include/linux/sched/mm.h:83 [inline] mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline] finish_task_switch.isra.0+0x7af/0xcc0 kernel/sched/core.c:5307 context_switch kernel/sched/core.c:5411 [inline] __schedule+0xf1d/0x5d00 kernel/sched/core.c:6745 __schedule_loop kernel/sched/core.c:6822 [inline] schedule+0xe7/0x350 kernel/sched/core.c:6837 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894 rwsem_down_write_slowpath kernel/locking/rwsem.c:1178 [inline] __down_write_common+0x950/0x13f0 kernel/locking/rwsem.c:1306 kernfs_add_one+0xb1/0x520 fs/kernfs/dir.c:778 __kernfs_create_file+0x295/0x350 fs/kernfs/file.c:1063 sysfs_add_file_mode_ns+0x1ff/0x3b0 fs/sysfs/file.c:307 create_files fs/sysfs/group.c:76 [inline] internal_create_group+0x565/0xe50 fs/sysfs/group.c:180 internal_create_groups+0x9d/0x150 fs/sysfs/group.c:220 device_add_groups drivers/base/core.c:2826 [inline] device_add_attrs drivers/base/core.c:2901 [inline] device_add+0xf33/0x1a70 drivers/base/core.c:3633 netdev_register_kobject+0x187/0x3f0 net/core/net-sysfs.c:2136 register_netdevice+0x12ce/0x1cb0 net/core/dev.c:10375 lapbeth_new_device drivers/net/wan/lapbether.c:418 [inline] lapbeth_device_event+0x5b0/0xd40 drivers/net/wan/lapbether.c:460 Memory state around the buggy address: ffff88801f12c200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc ffff88801f12c280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff88801f12c300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc ^ ffff88801f12c380: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 ffff88801f12c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== final repro crashed as (corrupted=false): ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline] BUG: KASAN: slab-use-after-free in refcount_read include/linux/refcount.h:136 [inline] BUG: KASAN: slab-use-after-free in skb_unref include/linux/skbuff.h:1222 [inline] BUG: KASAN: slab-use-after-free in __kfree_skb_reason net/core/skbuff.c:1195 [inline] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x36/0x210 net/core/skbuff.c:1222 Read of size 4 at addr ffff88801f12c364 by task syz-executor/6487 CPU: 1 PID: 6487 Comm: syz-executor Not tainted 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc3/0x620 mm/kasan/report.c:488 kasan_report+0xd9/0x110 mm/kasan/report.c:601 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189 instrument_atomic_read include/linux/instrumented.h:68 [inline] atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline] refcount_read include/linux/refcount.h:136 [inline] skb_unref include/linux/skbuff.h:1222 [inline] __kfree_skb_reason net/core/skbuff.c:1195 [inline] kfree_skb_reason+0x36/0x210 net/core/skbuff.c:1222 kfree_skb include/linux/skbuff.h:1257 [inline] __hci_req_sync+0x61d/0x980 net/bluetooth/hci_request.c:184 hci_req_sync+0x97/0xd0 net/bluetooth/hci_request.c:206 hci_dev_cmd+0x634/0x960 net/bluetooth/hci_core.c:787 hci_sock_ioctl+0x4f3/0x880 net/bluetooth/hci_sock.c:1150 sock_do_ioctl+0x116/0x280 net/socket.c:1222 sock_ioctl+0x22e/0x6c0 net/socket.c:1341 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f8509b757db Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 RSP: 002b:00007fffd8c74ed0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8509b757db RDX: 00007fffd8c74f48 RSI: 00000000400448dd RDI: 0000000000000003 RBP: 000055558349d4a8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000002 R13: 0000000000000002 R14: 0000000000000009 R15: 0000000000000009 Allocated by task 64: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [inline] __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:338 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3940 [inline] slab_alloc_node mm/slub.c:4002 [inline] kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4009 skb_clone+0x190/0x3f0 net/core/skbuff.c:2052 hci_send_cmd_sync net/bluetooth/hci_core.c:4123 [inline] hci_cmd_work+0x66a/0x710 net/bluetooth/hci_core.c:4143 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3248 process_scheduled_works kernel/workqueue.c:3329 [inline] worker_thread+0x6c8/0xf30 kernel/workqueue.c:3409 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 64: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579 poison_slab_object+0xf7/0x160 mm/kasan/common.c:240 __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2196 [inline] slab_free mm/slub.c:4438 [inline] kmem_cache_free+0x12f/0x3a0 mm/slub.c:4513 kfree_skbmem+0x10e/0x200 net/core/skbuff.c:1131 __kfree_skb net/core/skbuff.c:1188 [inline] kfree_skb_reason+0x138/0x210 net/core/skbuff.c:1223 kfree_skb include/linux/skbuff.h:1257 [inline] hci_req_sync_complete+0x16c/0x270 net/bluetooth/hci_request.c:109 hci_event_packet+0x963/0x1170 net/bluetooth/hci_event.c:7479 hci_rx_work+0x2c4/0x1610 net/bluetooth/hci_core.c:4074 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3248 process_scheduled_works kernel/workqueue.c:3329 [inline] worker_thread+0x6c8/0xf30 kernel/workqueue.c:3409 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 The buggy address belongs to the object at ffff88801f12c280 which belongs to the cache skbuff_head_cache of size 240 The buggy address is located 228 bytes inside of freed 240-byte region [ffff88801f12c280, ffff88801f12c370) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f12c head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffefff(slab) raw: 00fff00000000040 ffff888019298780 ffffea0000a7c680 dead000000000003 raw: 0000000000000000 0000000000190019 00000001ffffefff 0000000000000000 head: 00fff00000000040 ffff888019298780 ffffea0000a7c680 dead000000000003 head: 0000000000000000 0000000000190019 00000001ffffefff 0000000000000000 head: 00fff00000000001 ffffea00007c4b01 ffffffffffffffff 0000000000000000 head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 1, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6170, tgid 6170 (syz-executor), ts 319322108245, free_ts 319303442348 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1473 prep_new_page mm/page_alloc.c:1481 [inline] get_page_from_freelist+0x1353/0x2e50 mm/page_alloc.c:3425 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4683 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline] alloc_pages_node_noprof include/linux/gfp.h:296 [inline] alloc_slab_page+0x56/0x110 mm/slub.c:2265 allocate_slab mm/slub.c:2428 [inline] new_slab+0x84/0x260 mm/slub.c:2481 ___slab_alloc+0xdac/0x1870 mm/slub.c:3667 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3757 __slab_alloc_node mm/slub.c:3810 [inline] slab_alloc_node mm/slub.c:3990 [inline] kmem_cache_alloc_node_noprof+0xed/0x310 mm/slub.c:4045 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:656 alloc_skb include/linux/skbuff.h:1308 [inline] nlmsg_new include/net/netlink.h:1015 [inline] inet_netconf_notify_devconf+0x8b/0x1f0 net/ipv4/devinet.c:2133 __devinet_sysctl_register+0x223/0x360 net/ipv4/devinet.c:2608 devinet_sysctl_register net/ipv4/devinet.c:2642 [inline] devinet_sysctl_register+0x17b/0x200 net/ipv4/devinet.c:2632 inetdev_init+0x28b/0x580 net/ipv4/devinet.c:291 inetdev_event+0xd23/0x19b0 net/ipv4/devinet.c:1565 notifier_call_chain+0xb9/0x410 kernel/notifier.c:93 call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992 page last free pid 6170 tgid 6170 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1093 [inline] free_unref_page+0x64a/0xe40 mm/page_alloc.c:2588 mm_free_pgd kernel/fork.c:804 [inline] __mmdrop+0xd5/0x470 kernel/fork.c:920 mmdrop include/linux/sched/mm.h:55 [inline] mmdrop_sched include/linux/sched/mm.h:83 [inline] mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline] finish_task_switch.isra.0+0x7af/0xcc0 kernel/sched/core.c:5307 context_switch kernel/sched/core.c:5411 [inline] __schedule+0xf1d/0x5d00 kernel/sched/core.c:6745 __schedule_loop kernel/sched/core.c:6822 [inline] schedule+0xe7/0x350 kernel/sched/core.c:6837 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6894 rwsem_down_write_slowpath kernel/locking/rwsem.c:1178 [inline] __down_write_common+0x950/0x13f0 kernel/locking/rwsem.c:1306 kernfs_add_one+0xb1/0x520 fs/kernfs/dir.c:778 __kernfs_create_file+0x295/0x350 fs/kernfs/file.c:1063 sysfs_add_file_mode_ns+0x1ff/0x3b0 fs/sysfs/file.c:307 create_files fs/sysfs/group.c:76 [inline] internal_create_group+0x565/0xe50 fs/sysfs/group.c:180 internal_create_groups+0x9d/0x150 fs/sysfs/group.c:220 device_add_groups drivers/base/core.c:2826 [inline] device_add_attrs drivers/base/core.c:2901 [inline] device_add+0xf33/0x1a70 drivers/base/core.c:3633 netdev_register_kobject+0x187/0x3f0 net/core/net-sysfs.c:2136 register_netdevice+0x12ce/0x1cb0 net/core/dev.c:10375 lapbeth_new_device drivers/net/wan/lapbether.c:418 [inline] lapbeth_device_event+0x5b0/0xd40 drivers/net/wan/lapbether.c:460 Memory state around the buggy address: ffff88801f12c200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc ffff88801f12c280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff88801f12c300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc ^ ffff88801f12c380: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 ffff88801f12c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ==================================================================