program:
# Reproducer followed by the kernel console log it produced.
# The last call carries (fail_nth: 15), and the log shows "FAULT_INJECTION:
# forcing a failure" (failslab) in task T5321, so the failure exercised here is
# an injected allocation failure rather than an organic out-of-memory condition.
#
# NOTE(review): r3 and r4 are used below but never bound in the visible text.
# syzkaller normally records such bindings inline as <rN=> markers inside struct
# arguments; they appear to have been lost to markup stripping (the empty log
# entries right after each "Call Trace:" suggest the same happened to <TASK>).
# Replay from the raw reproducer, not from this rendering.
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
# r1 is this call's result; it is passed below as the second field of the
# DMA_HEAP_IOCTL_ALLOC argument.
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x6, 0xfe, 0x7fff0006}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa8203, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x20004, r1, 0x2})
# Presumably imports the dma-heap buffer into the DRM device: the log's call
# chain runs drm_gem_shmem_vmap_locked -> dma_buf_vmap -> system_heap_vmap.
# TODO confirm once the r3 binding is recovered.
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000440)={0x0, 0x0, r3})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x59, 0x1})
# Call under fault injection. Its request code 0xc01c64a3 matches RSI in the
# user-mode register dumps of the log. The injected failslab hits
# __kmalloc_cache_node_noprof beneath vmalloc_noprof <- system_heap_vmap <-
# dma_buf_vmap, reached from drm_mode_cursor_ioctl. vmalloc then reports
# "vm_struct allocation failed" and dma_buf_vmap raises
# "WARNING: drivers/dma-buf/dma-buf.c:1653".
# RAX/RSI/R14 at the WARNING are 0xfffffff4, i.e. -12 as a 32-bit signed value
# (ENOMEM on Linux), consistent with the failed allocation being propagated;
# confirm against the source at that line.
# The panic comes from panic_on_warn ("Kernel panic - not syncing: kernel:
# panic_on_warn set ..."). No KASAN or other memory-safety report appears in
# this log, so triage it as a WARN reachable on an allocation-failure path
# unless further evidence shows otherwise.
ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000280)={0x1, r4, 0xff, 0x7, 0xa, 0x1ff, 0x1}) (fail_nth: 15)
[ 74.585251][ T5286] Bluetooth: hci0: command tx timeout [ 74.654944][ T5321] FAULT_INJECTION: forcing a failure. [ 74.654944][ T5321] name failslab, interval 1, probability 0, space 0, times 1 [ 74.659724][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.659744][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.659751][ T5321] Call Trace: [ 74.660640][ T5321] [ 74.660645][ T5321] dump_stack_lvl+0xe8/0x150 [ 74.661617][ T5321] should_fail_ex+0x40c/0x560 [ 74.661734][ T5321] should_failslab+0xa8/0x100 [ 74.661751][ T5321] __kmalloc_cache_node_noprof+0x8c/0x690 [ 74.661767][ T5321] ? unwind_next_frame+0x8f/0x2550 [ 74.661781][ T5321] ? __get_vm_area_node+0x136/0x300 [ 74.661795][ T5321] __get_vm_area_node+0x136/0x300 [ 74.661809][ T5321] __vmalloc_node_range_noprof+0x358/0x1730 [ 74.661823][ T5321] ? system_heap_vmap+0x1b5/0x570 [ 74.661836][ T5321] ? rcu_is_watching+0x15/0xb0 [ 74.661853][ T5321] ? trace_contention_end+0x3d/0x140 [ 74.661870][ T5321] ? system_heap_vmap+0xaa/0x570 [ 74.661883][ T5321] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 74.661896][ T5321] ? rcu_is_watching+0x15/0xb0 [ 74.661908][ T5321] ? rcu_is_watching+0x15/0xb0 [ 74.661920][ T5321] ? 
system_heap_vmap+0x1b5/0x570 [ 74.661932][ T5321] vmalloc_noprof+0xb2/0xe0 [ 74.661945][ T5321] ? system_heap_vmap+0x1b5/0x570 [ 74.661957][ T5321] system_heap_vmap+0x1b5/0x570 [ 74.661969][ T5321] ? __pfx___mutex_trylock_common+0x10/0x10 [ 74.661983][ T5321] ? __pfx_system_heap_vmap+0x10/0x10 [ 74.661994][ T5321] ? trace_contention_end+0x3d/0x140 [ 74.662008][ T5321] ? __ww_mutex_lock+0x669/0x3350 [ 74.662885][ T5321] ? __pfx_system_heap_vmap+0x10/0x10 [ 74.662899][ T5321] dma_buf_vmap+0x244/0x3c0 [ 74.662912][ T5321] ? __pfx_dma_buf_vmap+0x10/0x10 [ 74.662923][ T5321] ? drm_gem_vmap+0x4c/0x1d0 [ 74.662940][ T5321] ? __pfx___ww_mutex_lock+0x10/0x10 [ 74.662957][ T5321] drm_gem_shmem_vmap_locked+0x15c/0x7d0 [ 74.662971][ T5321] ? dma_resv_get_singleton+0x81/0x270 [ 74.662983][ T5321] ? __pfx_drm_gem_shmem_vmap_locked+0x10/0x10 [ 74.662994][ T5321] ? drm_gem_vmap+0x25/0x1d0 [ 74.663009][ T5321] ? ww_mutex_lock+0x3f/0x1b0 [ 74.663025][ T5321] drm_gem_vmap+0x10a/0x1d0 [ 74.663041][ T5321] drm_gem_fb_vmap+0xa6/0x8e0 [ 74.663053][ T5321] drm_atomic_helper_prepare_planes+0x2de/0xb50 [ 74.663072][ T5321] drm_atomic_helper_commit+0x19d/0xb10 [ 74.663089][ T5321] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 74.663104][ T5321] drm_atomic_commit+0x24e/0x2b0 [ 74.663126][ T5321] ? __pfx_drm_atomic_commit+0x10/0x10 [ 74.663137][ T5321] ? drm_atomic_get_crtc_state+0x36c/0x570 [ 74.663147][ T5321] ? __pfx___drm_printfn_info+0x10/0x10 [ 74.663160][ T5321] ? drm_mode_object_get+0xcf/0x140 [ 74.663174][ T5321] ? drm_atomic_set_fb_for_plane+0x1f7/0x280 [ 74.663187][ T5321] drm_atomic_helper_update_plane+0x248/0x3b0 [ 74.663205][ T5321] drm_mode_cursor_common+0xe1a/0x15e0 [ 74.663223][ T5321] ? __pfx_drm_mode_cursor_common+0x10/0x10 [ 74.663234][ T5321] ? kasan_save_free_info+0x40/0x50 [ 74.663255][ T5321] ? drm_mode_cursor_ioctl+0xbb/0x130 [ 74.663267][ T5321] drm_mode_cursor_ioctl+0xd4/0x130 [ 74.663279][ T5321] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 74.663291][ T5321] ? 
do_raw_spin_unlock+0x4d/0x210 [ 74.663306][ T5321] ? _raw_spin_unlock+0x28/0x50 [ 74.663320][ T5321] ? drm_is_current_master+0x19f/0x200 [ 74.663334][ T5321] drm_ioctl_kernel+0x2df/0x3b0 [ 74.663344][ T5321] ? lock_acquire+0x5f/0x350 [ 74.663354][ T5321] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 74.663365][ T5321] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 74.663375][ T5321] ? __might_fault+0xcb/0x130 [ 74.663389][ T5321] drm_ioctl+0x70e/0xba0 [ 74.663401][ T5321] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 74.663412][ T5321] ? __pfx_drm_ioctl+0x10/0x10 [ 74.663425][ T5321] ? __fget_files+0x2a/0x420 [ 74.663441][ T5321] ? bpf_lsm_file_ioctl+0x9/0x20 [ 74.663455][ T5321] ? __pfx_drm_ioctl+0x10/0x10 [ 74.663464][ T5321] __se_sys_ioctl+0xfc/0x170 [ 74.663475][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.663486][ T5321] do_syscall_64+0x174/0x580 [ 74.663502][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.663512][ T5321] ? clear_bhb_loop+0x40/0x90 [ 74.663524][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.663536][ T5321] RIP: 0033:0x7fd55ed9ce59 [ 74.663549][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.663558][ T5321] RSP: 002b:00007fd55b1f4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 74.663572][ T5321] RAX: ffffffffffffffda RBX: 00007fd55f015fa0 RCX: 00007fd55ed9ce59 [ 74.663581][ T5321] RDX: 0000200000000280 RSI: 00000000c01c64a3 RDI: 0000000000000003 [ 74.663588][ T5321] RBP: 00007fd55b1f5050 R08: 0000000000000000 R09: 0000000000000000 [ 74.663595][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 74.663602][ T5321] R13: 00007fd55f016038 R14: 00007fd55f015fa0 R15: 00007fff9456edc8 [ 74.663613][ T5321] [ 74.924086][ T5321] syz.0.0: vmalloc error: size 264, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 
74.930252][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.930275][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.930284][ T5321] Call Trace: [ 74.930299][ T5321] [ 74.930305][ T5321] dump_stack_lvl+0xe8/0x150 [ 74.930348][ T5321] warn_alloc+0x24c/0x270 [ 74.930365][ T5321] ? rcu_is_watching+0x15/0xb0 [ 74.930380][ T5321] ? __pfx_warn_alloc+0x10/0x10 [ 74.930396][ T5321] ? __get_vm_area_node+0x136/0x300 [ 74.930442][ T5321] ? __get_vm_area_node+0x2af/0x300 [ 74.930460][ T5321] __vmalloc_node_range_noprof+0x37d/0x1730 [ 74.930476][ T5321] ? rcu_is_watching+0x15/0xb0 [ 74.930490][ T5321] ? trace_contention_end+0x3d/0x140 [ 74.930509][ T5321] ? system_heap_vmap+0xaa/0x570 [ 74.930531][ T5321] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 74.930545][ T5321] ? rcu_is_watching+0x15/0xb0 [ 74.930559][ T5321] ? rcu_is_watching+0x15/0xb0 [ 74.930573][ T5321] ? system_heap_vmap+0x1b5/0x570 [ 74.930586][ T5321] vmalloc_noprof+0xb2/0xe0 [ 74.930600][ T5321] ? system_heap_vmap+0x1b5/0x570 [ 74.930612][ T5321] system_heap_vmap+0x1b5/0x570 [ 74.930622][ T5321] ? __pfx___mutex_trylock_common+0x10/0x10 [ 74.930632][ T5321] ? __pfx_system_heap_vmap+0x10/0x10 [ 74.930641][ T5321] ? trace_contention_end+0x3d/0x140 [ 74.930651][ T5321] ? __ww_mutex_lock+0x669/0x3350 [ 74.930670][ T5321] ? __pfx_system_heap_vmap+0x10/0x10 [ 74.930680][ T5321] dma_buf_vmap+0x244/0x3c0 [ 74.930689][ T5321] ? __pfx_dma_buf_vmap+0x10/0x10 [ 74.930697][ T5321] ? drm_gem_vmap+0x4c/0x1d0 [ 74.930710][ T5321] ? __pfx___ww_mutex_lock+0x10/0x10 [ 74.930723][ T5321] drm_gem_shmem_vmap_locked+0x15c/0x7d0 [ 74.930733][ T5321] ? dma_resv_get_singleton+0x81/0x270 [ 74.930742][ T5321] ? __pfx_drm_gem_shmem_vmap_locked+0x10/0x10 [ 74.930754][ T5321] ? drm_gem_vmap+0x25/0x1d0 [ 74.930766][ T5321] ? 
ww_mutex_lock+0x3f/0x1b0 [ 74.930778][ T5321] drm_gem_vmap+0x10a/0x1d0 [ 74.930790][ T5321] drm_gem_fb_vmap+0xa6/0x8e0 [ 74.930799][ T5321] drm_atomic_helper_prepare_planes+0x2de/0xb50 [ 74.930813][ T5321] drm_atomic_helper_commit+0x19d/0xb10 [ 74.930826][ T5321] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 74.930842][ T5321] drm_atomic_commit+0x24e/0x2b0 [ 74.930856][ T5321] ? __pfx_drm_atomic_commit+0x10/0x10 [ 74.930866][ T5321] ? drm_atomic_get_crtc_state+0x36c/0x570 [ 74.930877][ T5321] ? __pfx___drm_printfn_info+0x10/0x10 [ 74.930893][ T5321] ? drm_mode_object_get+0xcf/0x140 [ 74.930908][ T5321] ? drm_atomic_set_fb_for_plane+0x1f7/0x280 [ 74.930922][ T5321] drm_atomic_helper_update_plane+0x248/0x3b0 [ 74.930943][ T5321] drm_mode_cursor_common+0xe1a/0x15e0 [ 74.930968][ T5321] ? __pfx_drm_mode_cursor_common+0x10/0x10 [ 74.930979][ T5321] ? kasan_save_free_info+0x40/0x50 [ 74.931002][ T5321] ? drm_mode_cursor_ioctl+0xbb/0x130 [ 74.931015][ T5321] drm_mode_cursor_ioctl+0xd4/0x130 [ 74.931028][ T5321] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 74.931041][ T5321] ? do_raw_spin_unlock+0x4d/0x210 [ 74.931059][ T5321] ? _raw_spin_unlock+0x28/0x50 [ 74.931073][ T5321] ? drm_is_current_master+0x19f/0x200 [ 74.931087][ T5321] drm_ioctl_kernel+0x2df/0x3b0 [ 74.931097][ T5321] ? lock_acquire+0x5f/0x350 [ 74.931108][ T5321] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 74.931121][ T5321] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 74.931133][ T5321] ? __might_fault+0xcb/0x130 [ 74.931150][ T5321] drm_ioctl+0x70e/0xba0 [ 74.931163][ T5321] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 74.931171][ T5321] ? __pfx_drm_ioctl+0x10/0x10 [ 74.931180][ T5321] ? __fget_files+0x2a/0x420 [ 74.931191][ T5321] ? bpf_lsm_file_ioctl+0x9/0x20 [ 74.931203][ T5321] ? __pfx_drm_ioctl+0x10/0x10 [ 74.931210][ T5321] __se_sys_ioctl+0xfc/0x170 [ 74.931218][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.931226][ T5321] do_syscall_64+0x174/0x580 [ 74.931248][ T5321] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.931256][ T5321] ? clear_bhb_loop+0x40/0x90 [ 74.931269][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.931277][ T5321] RIP: 0033:0x7fd55ed9ce59 [ 74.931287][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.931294][ T5321] RSP: 002b:00007fd55b1f4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 74.931304][ T5321] RAX: ffffffffffffffda RBX: 00007fd55f015fa0 RCX: 00007fd55ed9ce59 [ 74.931310][ T5321] RDX: 0000200000000280 RSI: 00000000c01c64a3 RDI: 0000000000000003 [ 74.931316][ T5321] RBP: 00007fd55b1f5050 R08: 0000000000000000 R09: 0000000000000000 [ 74.931321][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 74.931325][ T5321] R13: 00007fd55f016038 R14: 00007fd55f015fa0 R15: 00007fff9456edc8 [ 74.931334][ T5321] [ 75.168494][ T5321] Mem-Info: [ 75.177515][ T5321] active_anon:2659 inactive_anon:14 isolated_anon:0 [ 75.177515][ T5321] active_file:3 inactive_file:38701 isolated_file:0 [ 75.177515][ T5321] unevictable:1768 dirty:0 writeback:0 [ 75.177515][ T5321] slab_reclaimable:6824 slab_unreclaimable:30758 [ 75.177515][ T5321] mapped:9971 shmem:2162 pagetables:721 [ 75.177515][ T5321] sec_pagetables:290 bounce:0 [ 75.177515][ T5321] kernel_misc_reclaimable:0 [ 75.177515][ T5321] free:34107 free_pcp:2428 free_cma:0 [ 75.217291][ T5321] Node 0 active_anon:116kB inactive_anon:0kB active_file:12kB inactive_file:0kB unevictable:1448kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:0kB writeback:0kB shmem:1472kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:2624kB pagetables:924kB sec_pagetables:1084kB all_unreclaimable? 
yes Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 75.231859][ T5321] Node 1 active_anon:10544kB inactive_anon:56kB active_file:0kB inactive_file:154804kB unevictable:5600kB isolated(anon):0kB isolated(file):0kB mapped:39868kB dirty:0kB writeback:0kB shmem:7176kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7104kB pagetables:1960kB sec_pagetables:76kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 75.248416][ T5321] Node 0 DMA free:1284kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:904kB local_pcp:904kB free_cma:0kB [ 75.264418][ T5321] lowmem_reserve[]: 0 112 112 112 112 [ 75.267002][ T5321] Node 0 DMA32 free:4672kB boost:2048kB min:6352kB low:7428kB high:8504kB reserved_highatomic:0KB free_highatomic:0KB active_anon:116kB inactive_anon:0kB active_file:12kB inactive_file:0kB unevictable:1448kB writepending:0kB zspages:0kB present:770052kB managed:115692kB mlocked:0kB bounce:0kB free_pcp:1720kB local_pcp:1720kB free_cma:0kB [ 75.282150][ T5321] lowmem_reserve[]: 0 0 0 0 0 [ 75.284799][ T5321] Node 1 DMA32 free:129928kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:10544kB inactive_anon:56kB active_file:0kB inactive_file:154804kB unevictable:5600kB writepending:0kB zspages:1388kB present:786288kB managed:690812kB mlocked:0kB bounce:0kB free_pcp:8192kB local_pcp:8192kB free_cma:0kB [ 75.298966][ T5321] lowmem_reserve[]: 0 0 0 0 0 [ 75.302184][ T5321] Node 0 DMA: 5*4kB (UE) 2*8kB (UE) 0*16kB 1*32kB (U) 1*64kB (E) 1*128kB (U) 0*256kB 0*512kB 1*1024kB (E) 0*2048kB 0*4096kB = 1284kB [ 75.308423][ T5321] Node 0 DMA32: 2*4kB (E) 1*8kB (U) 1*16kB (U) 5*32kB (M) 6*64kB (UM) 4*128kB (UM) 2*256kB (UM) 4*512kB (UM) 1*1024kB (U) 0*2048kB 0*4096kB = 4672kB [ 75.316167][ T5321] 
Node 1 DMA32: 0*4kB 3*8kB (UME) 2*16kB (UE) 2*32kB (UM) 0*64kB 2*128kB (ME) 2*256kB (ME) 0*512kB 2*1024kB (UE) 2*2048kB (UM) 30*4096kB (M) = 129912kB [ 75.324132][ T5321] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 75.328894][ T5321] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 75.333759][ T5321] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 75.338492][ T5321] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 75.343793][ T5321] 40928 total pagecache pages [ 75.346394][ T5321] 63 pages in swap cache [ 75.348522][ T5321] Free swap = 123172kB [ 75.350389][ T5321] Total swap = 124996kB [ 75.352562][ T5321] 393083 pages RAM [ 75.354351][ T5321] 0 pages HighMem/MovableOnly [ 75.357106][ T5321] 187617 pages reserved [ 75.360139][ T5321] 0 pages cma reserved [ 75.362874][ T5321] ------------[ cut here ]------------ [ 75.365519][ T5321] ret [ 75.365536][ T5321] WARNING: drivers/dma-buf/dma-buf.c:1653 at dma_buf_vmap+0x30f/0x3c0, CPU#0: syz.0.0/5321 [ 75.371577][ T5321] Modules linked in: [ 75.373387][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.377531][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.382550][ T5321] RIP: 0010:dma_buf_vmap+0x30f/0x3c0 [ 75.384803][ T5321] Code: cc cc cc e8 c3 35 98 fb 90 0f 0b 90 b8 ea ff ff ff eb b4 e8 b3 35 98 fb 90 0f 0b 90 e9 11 fe ff ff e8 a5 35 98 fb 44 89 f0 90 <0f> 0b 90 49 bc 00 00 00 00 00 fc ff df eb 8e e8 7d 44 82 05 48 c7 [ 75.394245][ T5321] RSP: 0018:ffffc9000e26f3a0 EFLAGS: 00010293 [ 75.397145][ T5321] RAX: 00000000fffffff4 RBX: 1ffff92001c4de78 RCX: ffff88801aa72540 [ 75.400284][ T5321] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 75.404129][ T5321] RBP: ffffc9000e26f450 R08: ffffc9000e26f227 R09: 1ffff92001c4de44 [ 75.407925][ T5321] R10: 
dffffc0000000000 R11: fffff52001c4de45 R12: 1ffff1100252b605 [ 75.411319][ T5321] R13: ffffffff862f9e90 R14: 00000000fffffff4 R15: ffff88801295b030 [ 75.414686][ T5321] FS: 00007fd55b1f56c0(0000) GS:ffff88808c848000(0000) knlGS:0000000000000000 [ 75.418664][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.421911][ T5321] CR2: 00007fd55efee6b8 CR3: 0000000043ecc000 CR4: 0000000000352ef0 [ 75.426132][ T5321] Call Trace: [ 75.427629][ T5321] [ 75.428863][ T5321] ? __pfx_dma_buf_vmap+0x10/0x10 [ 75.431069][ T5321] ? drm_gem_vmap+0x4c/0x1d0 [ 75.433113][ T5321] ? __pfx___ww_mutex_lock+0x10/0x10 [ 75.436228][ T5321] drm_gem_shmem_vmap_locked+0x15c/0x7d0 [ 75.438802][ T5321] ? dma_resv_get_singleton+0x81/0x270 [ 75.441169][ T5321] ? __pfx_drm_gem_shmem_vmap_locked+0x10/0x10 [ 75.443727][ T5321] ? drm_gem_vmap+0x25/0x1d0 [ 75.446156][ T5321] ? ww_mutex_lock+0x3f/0x1b0 [ 75.448944][ T5321] drm_gem_vmap+0x10a/0x1d0 [ 75.451101][ T5321] drm_gem_fb_vmap+0xa6/0x8e0 [ 75.453161][ T5321] drm_atomic_helper_prepare_planes+0x2de/0xb50 [ 75.455845][ T5321] drm_atomic_helper_commit+0x19d/0xb10 [ 75.459745][ T5321] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 75.463039][ T5321] drm_atomic_commit+0x24e/0x2b0 [ 75.465084][ T5321] ? __pfx_drm_atomic_commit+0x10/0x10 [ 75.467544][ T5321] ? drm_atomic_get_crtc_state+0x36c/0x570 [ 75.470674][ T5321] ? __pfx___drm_printfn_info+0x10/0x10 [ 75.473271][ T5321] ? drm_mode_object_get+0xcf/0x140 [ 75.475778][ T5321] ? drm_atomic_set_fb_for_plane+0x1f7/0x280 [ 75.478735][ T5321] drm_atomic_helper_update_plane+0x248/0x3b0 [ 75.481638][ T5321] drm_mode_cursor_common+0xe1a/0x15e0 [ 75.484210][ T5321] ? __pfx_drm_mode_cursor_common+0x10/0x10 [ 75.487057][ T5321] ? kasan_save_free_info+0x40/0x50 [ 75.490056][ T5321] ? drm_mode_cursor_ioctl+0xbb/0x130 [ 75.493122][ T5321] drm_mode_cursor_ioctl+0xd4/0x130 [ 75.495337][ T5321] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 75.497949][ T5321] ? do_raw_spin_unlock+0x4d/0x210 [ 75.500281][ T5321] ? 
_raw_spin_unlock+0x28/0x50 [ 75.502893][ T5321] ? drm_is_current_master+0x19f/0x200 [ 75.506120][ T5321] drm_ioctl_kernel+0x2df/0x3b0 [ 75.508827][ T5321] ? lock_acquire+0x5f/0x350 [ 75.511064][ T5321] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 75.513708][ T5321] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 75.516435][ T5321] ? __might_fault+0xcb/0x130 [ 75.518770][ T5321] drm_ioctl+0x70e/0xba0 [ 75.520863][ T5321] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 75.523320][ T5321] ? __pfx_drm_ioctl+0x10/0x10 [ 75.525449][ T5321] ? __fget_files+0x2a/0x420 [ 75.527657][ T5321] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.530277][ T5321] ? __pfx_drm_ioctl+0x10/0x10 [ 75.532907][ T5321] __se_sys_ioctl+0xfc/0x170 [ 75.535007][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.537574][ T5321] do_syscall_64+0x174/0x580 [ 75.539574][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.543117][ T5321] ? clear_bhb_loop+0x40/0x90 [ 75.545379][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.547949][ T5321] RIP: 0033:0x7fd55ed9ce59 [ 75.549923][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 75.558848][ T5321] RSP: 002b:00007fd55b1f4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.562561][ T5321] RAX: ffffffffffffffda RBX: 00007fd55f015fa0 RCX: 00007fd55ed9ce59 [ 75.566315][ T5321] RDX: 0000200000000280 RSI: 00000000c01c64a3 RDI: 0000000000000003 [ 75.570179][ T5321] RBP: 00007fd55b1f5050 R08: 0000000000000000 R09: 0000000000000000 [ 75.573918][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 75.577655][ T5321] R13: 00007fd55f016038 R14: 00007fd55f015fa0 R15: 00007fff9456edc8 [ 75.581450][ T5321] [ 75.582811][ T5321] Kernel panic - not syncing: kernel: panic_on_warn set ... 
[ 75.585969][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.590331][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 75.594643][ T5321] Call Trace: [ 75.596161][ T5321] [ 75.597524][ T5321] vpanic+0x56c/0xa60 [ 75.599497][ T5321] ? __pfx__printk+0x10/0x10 [ 75.601743][ T5321] ? __pfx_vpanic+0x10/0x10 [ 75.603821][ T5321] ? is_bpf_text_address+0x292/0x2b0 [ 75.606159][ T5321] ? is_bpf_text_address+0x26/0x2b0 [ 75.608549][ T5321] panic+0xc5/0xd0 [ 75.610465][ T5321] ? __pfx_panic+0x10/0x10 [ 75.612776][ T5321] __warn+0x315/0x4c0 [ 75.614705][ T5321] ? dma_buf_vmap+0x30f/0x3c0 [ 75.616628][ T5321] ? dma_buf_vmap+0x30f/0x3c0 [ 75.618816][ T5321] __report_bug+0x331/0x530 [ 75.621239][ T5321] ? lock_release+0x4b/0x3c0 [ 75.624110][ T5321] ? dma_buf_vmap+0x30f/0x3c0 [ 75.626289][ T5321] ? __pfx___report_bug+0x10/0x10 [ 75.628485][ T5321] ? __mutex_unlock_slowpath+0x731/0x900 [ 75.630963][ T5321] ? rcu_is_watching+0x15/0xb0 [ 75.633556][ T5321] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 75.636332][ T5321] ? rcu_is_watching+0x15/0xb0 [ 75.638182][ T5321] ? system_heap_vmap+0x1b5/0x570 [ 75.640323][ T5321] ? dma_buf_vmap+0x30f/0x3c0 [ 75.642405][ T5321] report_bug+0x16a/0x220 [ 75.644554][ T5321] ? dma_buf_vmap+0x30f/0x3c0 [ 75.647113][ T5321] ? 
dma_buf_vmap+0x311/0x3c0 [ 75.649319][ T5321] handle_bug+0x9c/0x200 [ 75.651022][ T5321] exc_invalid_op+0x1a/0x50 [ 75.653010][ T5321] asm_exc_invalid_op+0x1a/0x20 [ 75.655169][ T5321] RIP: 0010:dma_buf_vmap+0x30f/0x3c0 [ 75.657594][ T5321] Code: cc cc cc e8 c3 35 98 fb 90 0f 0b 90 b8 ea ff ff ff eb b4 e8 b3 35 98 fb 90 0f 0b 90 e9 11 fe ff ff e8 a5 35 98 fb 44 89 f0 90 <0f> 0b 90 49 bc 00 00 00 00 00 fc ff df eb 8e e8 7d 44 82 05 48 c7 [ 75.666290][ T5321] RSP: 0018:ffffc9000e26f3a0 EFLAGS: 00010293 [ 75.669173][ T5321] RAX: 00000000fffffff4 RBX: 1ffff92001c4de78 RCX: ffff88801aa72540 [ 75.672726][ T5321] RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000 [ 75.676269][ T5321] RBP: ffffc9000e26f450 R08: ffffc9000e26f227 R09: 1ffff92001c4de44 [ 75.679970][ T5321] R10: dffffc0000000000 R11: fffff52001c4de45 R12: 1ffff1100252b605 [ 75.683575][ T5321] R13: ffffffff862f9e90 R14: 00000000fffffff4 R15: ffff88801295b030 [ 75.687234][ T5321] ? __pfx_system_heap_vmap+0x10/0x10 [ 75.689571][ T5321] ? __pfx_dma_buf_vmap+0x10/0x10 [ 75.691888][ T5321] ? drm_gem_vmap+0x4c/0x1d0 [ 75.693988][ T5321] ? __pfx___ww_mutex_lock+0x10/0x10 [ 75.696188][ T5321] drm_gem_shmem_vmap_locked+0x15c/0x7d0 [ 75.698449][ T5321] ? dma_resv_get_singleton+0x81/0x270 [ 75.700855][ T5321] ? __pfx_drm_gem_shmem_vmap_locked+0x10/0x10 [ 75.703639][ T5321] ? drm_gem_vmap+0x25/0x1d0 [ 75.705617][ T5321] ? ww_mutex_lock+0x3f/0x1b0 [ 75.707755][ T5321] drm_gem_vmap+0x10a/0x1d0 [ 75.710022][ T5321] drm_gem_fb_vmap+0xa6/0x8e0 [ 75.712351][ T5321] drm_atomic_helper_prepare_planes+0x2de/0xb50 [ 75.715165][ T5321] drm_atomic_helper_commit+0x19d/0xb10 [ 75.717608][ T5321] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 75.720646][ T5321] drm_atomic_commit+0x24e/0x2b0 [ 75.723161][ T5321] ? __pfx_drm_atomic_commit+0x10/0x10 [ 75.725542][ T5321] ? drm_atomic_get_crtc_state+0x36c/0x570 [ 75.728049][ T5321] ? __pfx___drm_printfn_info+0x10/0x10 [ 75.730541][ T5321] ? 
drm_mode_object_get+0xcf/0x140 [ 75.733268][ T5321] ? drm_atomic_set_fb_for_plane+0x1f7/0x280 [ 75.736204][ T5321] drm_atomic_helper_update_plane+0x248/0x3b0 [ 75.738708][ T5321] drm_mode_cursor_common+0xe1a/0x15e0 [ 75.741028][ T5321] ? __pfx_drm_mode_cursor_common+0x10/0x10 [ 75.743878][ T5321] ? kasan_save_free_info+0x40/0x50 [ 75.746673][ T5321] ? drm_mode_cursor_ioctl+0xbb/0x130 [ 75.749109][ T5321] drm_mode_cursor_ioctl+0xd4/0x130 [ 75.751399][ T5321] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 75.754130][ T5321] ? do_raw_spin_unlock+0x4d/0x210 [ 75.758216][ T5321] ? _raw_spin_unlock+0x28/0x50 [ 75.760666][ T5321] ? drm_is_current_master+0x19f/0x200 [ 75.763069][ T5321] drm_ioctl_kernel+0x2df/0x3b0 [ 75.765533][ T5321] ? lock_acquire+0x5f/0x350 [ 75.767728][ T5321] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 75.770479][ T5321] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 75.773077][ T5321] ? __might_fault+0xcb/0x130 [ 75.775062][ T5321] drm_ioctl+0x70e/0xba0 [ 75.776799][ T5321] ? __pfx_drm_mode_cursor_ioctl+0x10/0x10 [ 75.779260][ T5321] ? __pfx_drm_ioctl+0x10/0x10 [ 75.781562][ T5321] ? __fget_files+0x2a/0x420 [ 75.783782][ T5321] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.786032][ T5321] ? __pfx_drm_ioctl+0x10/0x10 [ 75.788066][ T5321] __se_sys_ioctl+0xfc/0x170 [ 75.789973][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.792929][ T5321] do_syscall_64+0x174/0x580 [ 75.795257][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.797898][ T5321] ? 
clear_bhb_loop+0x40/0x90 [ 75.799868][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.802320][ T5321] RIP: 0033:0x7fd55ed9ce59 [ 75.804349][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 75.812472][ T5321] RSP: 002b:00007fd55b1f4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.815951][ T5321] RAX: ffffffffffffffda RBX: 00007fd55f015fa0 RCX: 00007fd55ed9ce59 [ 75.819698][ T5321] RDX: 0000200000000280 RSI: 00000000c01c64a3 RDI: 0000000000000003 [ 75.823031][ T5321] RBP: 00007fd55b1f5050 R08: 0000000000000000 R09: 0000000000000000 [ 75.826368][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 75.830175][ T5321] R13: 00007fd55f016038 R14: 00007fd55f015fa0 R15: 00007fff9456edc8 [ 75.833671][ T5321] [ 75.835281][ T5321] Kernel Offset: disabled [ 75.837065][ T5321] Rebooting in 86400 seconds..