Extracting prog: 1m23.110636691s
Minimizing prog: 36m1.561362074s
Simplifying prog options: 0s
Extracting C: 29.246230664s
Simplifying C: 6m57.539246559s
1 programs, 3 VMs, timeouts [15s 6m0s]
extracting reproducer from 1 programs
single: executing 1 programs separately with timeout 15s
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
detailed listing:
executing program 0:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x169101, 0x25)
write$FUSE_DIRENT(r0, &(0x7f0000002480)=ANY=[@ANYRESDEC, @ANYBLOB, @ANYRESDEC, @ANYRES32, @ANYBLOB, @ANYRES16], 0x48)
program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
detailed listing:
executing program 0:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x169101, 0x25)
write$FUSE_DIRENT(r0, &(0x7f0000002480)=ANY=[@ANYRESDEC, @ANYBLOB, @ANYRESDEC, @ANYRES32, @ANYBLOB, @ANYRES16], 0x48)
program crashed: KASAN: stack-out-of-bounds Read in profile_pc
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs
detailed listing:
executing program 0:
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x169101, 0x25)
program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): write$FUSE_DIRENT
detailed listing:
executing program 0:
write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000002480)=ANY=[@ANYRESDEC, @ANYBLOB, @ANYRESDEC, @ANYRES32, @ANYBLOB, @ANYRES16], 0x48)
program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
detailed listing:
executing program 0:
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x169101, 0x25)
write$FUSE_DIRENT(r0, &(0x7f0000002480)=ANY=[@ANYRESDEC, @ANYBLOB, @ANYRESDEC, @ANYRES32, @ANYBLOB, @ANYRES16], 0x48)
program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
detailed listing:
executing program 0:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x169101, 0x25)
write$FUSE_DIRENT(r0, 0x0, 0x48)
failed to boot instance (try 1): failed to create VM: can't ssh into the instance
failed to run ["ssh" "-p" "26595" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "IdentitiesOnly=yes" "-o" "BatchMode=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "root@localhost" "pwd"]: exit status 255
Connection timed out during banner exchange
Connection to 127.0.0.1 port 26595 timed out
ftruncate: Invalid argument
qemu-system-x86_64: warning: hub 0 is not connected to host network
[ 0.000000][ T0] Linux version 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 (syzkaller@syzkaller) (gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #0 SMP PREEMPT_DYNAMIC now
[ 0.000000][ T0] Command line: root=/dev/sda console=ttyS0 root=/dev/sda1
[ 0.000000][ T0] KERNEL supported cpus:
[ 0.000000][ T0] Intel GenuineIntel
[ 0.000000][ T0] AMD AuthenticAMD
[ 0.000000][ T0] BIOS-provided physical RAM map:
[ 0.000000][ T0] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
[ 0.000000][ T0] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
[ 0.000000][ T0] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
[ 0.000000][ T0] BIOS-e820: [mem 0x0000000000100000-0x000000007ffdcfff] usable
[ 0.000000][ T0] BIOS-e820: [mem 0x000000007ffdd000-0x000000007fffffff] reserved
[ 0.000000][ T0] BIOS-e820: [mem 0x00000000b0000000-0x00000000bfffffff] reserved
[ 0.000000][ T0] BIOS-e820: [mem 0x00000000fed1c000-0x00000000fed1ffff] reserved
[ 0.000000][ T0] BIOS-e820: [mem 0x00000000feffc000-0x00000000feffffff] reserved
[ 0.000000][ T0] BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
[ 0.000000][ T0] BIOS-e820: [mem 0x0000000100000000-0x000000017fffffff] usable
[ 0.000000][ T0] printk: legacy bootconsole [earlyser0] enabled
[ 0.000000][ T0] ERROR: earlyprintk= earlyser already used
[ 0.000000][ T0] ERROR: earlyprintk= earlyser already used
[ 0.000000][ T0] **********************************************************
[ 0.000000][ T0] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
[ 0.000000][ T0] ** **
[ 0.000000][ T0] ** This system shows unhashed kernel memory addresses **
[ 0.000000][ T0] ** via the console, logs, and other interfaces. This **
[ 0.000000][ T0] ** might reduce the security of your system. **
[ 0.000000][ T0] ** **
[ 0.000000][ T0] ** If you see this message and you are not debugging **
[ 0.000000][ T0] ** the kernel, report this immediately to your system **
[ 0.000000][ T0] ** administrator! **
[ 0.000000][ T0] ** **
[ 0.000000][ T0] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
[ 0.000000][ T0] **********************************************************
[ 0.000000][ T0] Malformed early option 'vsyscall'
[ 0.000000][ T0] nopcid: PCID feature disabled
[ 0.000000][ T0] NX (Execute Disable) protection: active
[ 0.000000][ T0] APIC: Static calls initialized
[ 0.000000][ T0] SMBIOS 3.0.0 present.
[ 0.000000][ T0] DMI: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 0.000000][ T0] DMI: Memory slots populated: 1/1
[ 0.000000][ T0] Hypervisor detected: KVM
[ 0.000000][ T0] kvm-clock: Using msrs 4b564d01 and 4b564d00
[ 0.000008][ T0] kvm-clock: using sched offset of 3797720306 cycles
[ 0.005333][ T0] clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
[ 0.022171][ T0] tsc: Detected 2600.028 MHz processor
[ 0.041639][ T0] last_pfn = 0x180000 max_arch_pfn = 0x400000000
[ 0.049865][ T0] MTRR map: 4 entries (3 fixed + 1 variable; max 19), built from 8 variable MTRRs
[ 0.059374][ T0] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT
[ 0.067658][ T0] last_pfn = 0x7ffdd max_arch_pfn = 0x400000000
[ 0.084746][ T0] found SMP MP-table at [mem 0x000f5b40-0x000f5b4f]
[ 0.091005][ T0] Using GB pages for direct mapping
[ 0.099052][ T0] ACPI: Early table checksum verification disabled
[ 0.105371][ T0] ACPI: RSDP 0x00000000000F5910 000014 (v00 BOCHS )
[ 0.111805][ T0] ACPI: RSDT 0x000000007FFE2925 000048 (v01 BOCHS BXPC 00000001 BXPC 00000001)
[ 0.122620][ T0] ACPI: FACP 0x000000007FFE1B2C 0000F4 (v03 BOCHS BXPC 00000001 BXPC 00000001)
[ 0.132380][ T0] ACPI: DSDT 0x000000007FFDF040 002AEC (v01 BOCHS BXPC 00000001 BXPC 00000001)
[ 0.141850][ T0] ACPI: FACS 0x000000007FFDF000 000040
[ 0.147578][ T0] ACPI: APIC 0x000000007FFE1C20 0000B0 (v03 BOCHS BXPC 00000001 BXPC 00000001)
[ 0.168648][ T0] ACPI: HPET 0x000000007FFE1CD0 000038 (v01 BOCHS BXPC 00000001 BXPC 00000001)
[ 0.181065][ T0] ACPI: SRAT 0x000000007FFE1D08 000178 (v01 BOCHS BXPC 00000001 BXPC 00000001)
[ 0.201052][ T0] ACPI: MCFG 0x000000007FFE1E80 00003C (v01 BOCHS BXPC 00000001 BXPC 00000001)
[ 0.224183][ T0] ACPI: DMAR 0x000000007FFE1EBC 0000C0 (v01 BOCHS BXPC 00000001 BXPC 00000001)
[ 0.244438][ T0] ACPI: SSDT 0x000000007FFE1F7C 0008A1 (v01 BOCHS NVDIMM 00000001 BXPC 00000001)
[ 0.252824][ T0] ACPI: NFIT 0x000000007FFE281D 0000E0 (v01 BOCHS BXPC 00000001 BXPC 00000001)
[ 0.281171][ T0] ACPI: WAET 0x000000007FFE28FD 000028 (v01 BOCHS BXPC 00000001 BXPC 00000001)
[ 0.289552][ T0] ACPI: Reserving FACP table memory at [mem 0x7ffe1b2c-0x7ffe1c1f]
[ 0.311097][ T0] ACPI: Reserving DSDT table memory at [mem 0x7ffdf040-0x7ffe1b2b]
[ 0.332296][ T0] ACPI: Reserving FACS table memory at [mem 0x7ffdf000-0x7ffdf03f]
[ 0.348005][ T0] ACPI: Reserving APIC table memory at [mem 0x7ffe1c20-0x7ffe1ccf]
[ 0.355236][ T0] ACPI: Reserving HPET table memory at [mem 0x7ffe1cd0-0x7ffe1d07]
[ 0.382992][ T0] ACPI: Reserving SRAT table memory at [mem 0x7ffe1d08-0x7ffe1e7f]
[ 0.389780][ T0] ACPI: Reserving MCFG table memory at [mem 0x7ffe1e80-0x7ffe1ebb]
[ 0.408415][ T0] ACPI: Reserving DMAR table memory at [mem 0x7ffe1ebc-0x7ffe1f7b]
[ 0.434909][ T0] ACPI: Reserving SSDT table memory at [mem 0x7ffe1f7c-0x7ffe281c]
[ 0.441837][ T0] ACPI: Reserving NFIT table memory at [mem 0x7ffe281d-0x7ffe28fc]
[ 0.449013][ T0] ACPI: Reserving WAET table memory at [mem 0x7ffe28fd-0x7ffe2924]
[ 0.456932][ T0] SRAT: PXM 0 -> APIC 0x00 -> Node 0
[ 0.461632][ T0] SRAT: PXM 0 -> APIC 0x01 -> Node 0
[ 0.466166][ T0] SRAT: PXM 0 -> APIC 0x02 -> Node 0
[ 0.471002][ T0] SRAT: PXM 0 -> APIC 0x03 -> Node 0
[ 0.475897][ T0] SRAT: PXM 0 -> APIC 0x04 -> Node 0
[ 0.480831][ T0] SRAT: PXM 0 -> APIC 0x05 -> Node 0
[ 0.485681][ T0] SRAT: PXM 0 -> APIC 0x06 -> Node 0
[ 0.490458][ T0] SRAT: PXM 0 -> APIC 0x07 -> Node 0
[ 0.495197][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x00000000-0x0009ffff]
[ 0.501438][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x00100000-0x7fffffff]
[ 0.507498][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x100000000-0x17fffffff]
[ 0.513630][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x180000000-0x183ffffff] non-volatile
[ 0.521105][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x180000000-0x57fffffff] hotplug
[ 0.529920][ T0] NUMA: Node 0 [mem 0x00000000-0x0009ffff] + [mem 0x00100000-0x7fffffff] -> [mem 0x00000000-0x7fffffff]
[ 0.543393][ T0] NUMA: Node 0 [mem 0x00000000-0x7fffffff] + [mem 0x100000000-0x17fffffff] -> [mem 0x00000000-0x17fffffff]
[ 0.557200][ T0] Faking node 0 at [mem 0x0000000000000000-0x00000000ffffffff] (4096MB)
[ 0.574701][ T0] Faking node 1 at [mem 0x0000000100000000-0x000000017fffffff] (2048MB)
[ 0.583800][ T0] NODE_DATA(0) allocated [mem 0x7ffd7000-0x7ffdcfff]
[ 0.589881][ T0] NODE_DATA(1) allocated [mem 0x17fff7000-0x17fffcfff]
[ 0.614079][ T0] Zone ranges:
[ 0.618239][ T0] DMA [mem 0x0000000000001000-0x0000000000ffffff]
[ 0.627977][ T0] DMA32 [mem 0x0000000001000000-0x00000000ffffffff]
[ 0.636403][ T0] Normal [mem 0x0000000100000000-0x000000017fffffff]
[ 0.644822][ T0] Device empty
[ 0.649311][ T0] Movable zone start for each node
[ 0.655484][ T0] Early memory node ranges
[ 0.660615][ T0] node 0: [mem 0x0000000000001000-0x000000000009efff]
[ 0.669103][ T0] node 0: [mem 0x0000000000100000-0x000000007ffdcfff]
[ 0.676205][ T0] node 1: [mem 0x0000000100000000-0x000000017fffffff]
[ 0.684091][ T0] Initmem setup node 0 [mem 0x0000000000001000-0x000000007ffdcfff]
[ 0.694771][ T0] Initmem setup node 1 [mem 0x0000000100000000-0x000000017fffffff]
[ 0.704481][ T0] On node 0, zone DMA: 1 pages in unavailable ranges
[ 0.712072][ T0] On node 0, zone DMA: 97 pages in unavailable ranges
[ 0.842708][ T0] On node 1, zone Normal: 35 pages in unavailable ranges
[ 1.104492][ T0] kasan: KernelAddressSanitizer initialized
[ 1.118227][ T0] ACPI: PM-Timer IO Port: 0x608
[ 1.140069][ T0] ACPI: LAPIC_NMI (acpi_id[0xff] dfl dfl lint[0x1])
[ 1.147859][ T0] IOAPIC[0]: apic_id 0, version 32, address 0xfec00000, GSI 0-23
[ 1.157280][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
[ 1.165724][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 high level)
[ 1.174692][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
[ 1.183023][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 high level)
[ 1.191502][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 high level)
[ 1.199925][ T0] ACPI: Using ACPI (MADT) for SMP configuration information
[ 1.208826][ T0] ACPI: HPET id: 0x8086a201 base: 0xfed00000
[ 1.216072][ T0] TSC deadline timer available
[ 1.221403][ T0] CPU topo: Max. logical packages: 2
[ 1.241128][ T0] CPU topo: Max. logical dies: 2
[ 1.247482][ T0] CPU topo: Max. dies per package: 1
[ 1.253874][ T0] CPU topo: Max. threads per core: 2
[ 1.263039][ T0] CPU topo: Num. cores per package: 2
[ 1.283892][ T0] CPU topo: Num. threads per package: 4
[ 1.289285][ T0] CPU topo: Allowing 4 present CPUs plus 4 hotplug CPUs
[ 1.295338][ T0] kvm-guest: APIC: eoi() replaced with kvm_guest_apic_eoi_write()
[ 1.302089][ T0] kvm-guest: KVM setup pv remote TLB flush
[ 1.323479][ T0] kvm-guest: setup PV sched yield
[ 1.342303][ T0] PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff]
[ 1.349085][ T0] PM: hibernation: Registered nosave memory: [mem 0x0009f000-0x0009ffff]
[ 1.366247][ T0] PM: hibernation: Registered nosave memory: [mem 0x000a0000-0x000effff]
[ 1.384872][ T0] PM: hibernation: Registered nosave memory: [mem 0x000f0000-0x000fffff]
[ 1.392533][ T0] PM: hibernation: Registered nosave memory: [mem 0x7ffdd000-0x7fffffff]
[ 1.415961][ T0] PM: hibernation: Registered nosave memory: [mem 0x80000000-0xafffffff]
[ 1.424770][ T0] PM: hibernation: Registered nosave memory: [mem 0xb0000000-0xbfffffff]
[ 1.441965][ T0] PM: hibernation: Registered nosave memory: [mem 0xc0000000-0xfed1bfff]
[ 1.449898][ T0] PM: hibernation: Registered nosave memory: [mem 0xfed1c000-0xfed1ffff]
[ 1.472120][ T0] PM: hibernation: Registered nosave memory: [mem 0xfed20000-0xfeffbfff]
[ 1.479879][ T0] PM: hibernation: Registered nosave memory: [mem 0xfeffc000-0xfeffffff]
[ 1.499926][ T0] PM: hibernation: Registered nosave memory: [mem 0xff000000-0xfffbffff]
[ 1.507734][ T0] PM: hibernation: Registered nosave memory: [mem 0xfffc0000-0xffffffff]
[ 1.531586][ T0] [mem 0xc0000000-0xfed1bfff] available for PCI devices
[ 1.554509][ T0] Booting paravirtualized kernel on KVM
[ 1.574262][ T0] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[ 1.971840][ T0] setup_percpu: NR_CPUS:8 nr_cpumask_bits:8 nr_cpu_ids:8 nr_node_ids:2
[ 2.002418][ T0] percpu: Embedded 74 pages/cpu s264712 r8192 d30200 u1048576
[ 2.027478][ T0] kvm-guest: PV spinlocks enabled
[ 2.032099][ T0] PV qspinlock hash table entries: 256 (order: 0, 4096 bytes, linear)
[ 2.060386][ T0] Kernel command line: earlyprintk=serial net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 ima_policy=tcb nf-conntrack-ftp.ports=20000 nf-conntrack-tftp.ports=20000 nf-conntrack-sip.ports=20000 nf-conntrack-irc.ports=20000 nf-conntrack-sane.ports=20000 binder.debug_mask=0 rcupdate.rcu_expedited=1 rcupdate.rcu_cpu_stall_cputime=1 no_hash_pointers page_owner=on sysctl.vm.nr_hugepages=4 sysctl.vm.nr_overcommit_hugepages=4 secretmem.enable=1 sysctl.max_rcu_stall_to_panic=1 msr.allow_writes=off coredump_filter=0xffff root=/dev/sda console=ttyS0 vsyscall=native numa=fake=2 kvm-intel.nested=1 spec_store_bypass_disable=prctl nopcid vivid.n_devs=16 vivid.multiplanar=1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2 netrom.nr_ndevs=16 rose.rose_ndevs=16 smp.csd_lock_timeout=100000 watchdog_thresh=55 workqueue.watchdog_thresh=140 sysctl.net.core.netdev_unregister_timeout_secs=140 dummy_hcd.num=8 panic_on_warn=1 root=/dev/sda console=ttyS0 root=/dev/sda1
[ 2.267161][ T0] Unknown kernel command line parameters "spec_store_bypass_disable=prctl", will be passed to user space.
[ 2.290316][ T0] random: crng init done
[ 2.297013][ T0] Fallback order for Node 0: 0 1
[ 2.297040][ T0] Fallback order for Node 1: 1 0
[ 2.297061][ T0] Built 2 zonelists, mobility grouping on. Total pages: 1048443
[ 2.317822][ T0] Policy zone: Normal
[ 2.323568][ T0] mem auto-init: stack:all(zero), heap alloc:on, heap free:off, mlocked free:off
[ 2.335025][ T0] stackdepot: allocating hash table via alloc_large_system_hash
[ 2.343840][ T0] stackdepot hash table entries: 1048576 (order: 12, 16777216 bytes, linear)
[ 2.359746][ T0] software IO TLB: area num 8.
[ 3.405888][ T0] Memory: 3146484K/4193772K available (165888K kernel code, 39325K rwdata, 37252K rodata, 26020K init, 34352K bss, 1047032K reserved, 0K cma-reserved)
[ 3.437792][ T0] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=8, Nodes=2
[ 3.624464][ T0] allocated 83886080 bytes of page_ext
[ 3.644749][ T0] Node 0, zone DMA: page owner found early allocated 0 pages
[ 3.683866][ T0] Node 0, zone DMA32: page owner found early allocated 10355 pages
[ 3.716568][ T0] Node 1, zone Normal: page owner found early allocated 10243 pages
[ 3.737747][ T0] Dynamic Preempt: full
[ 3.743332][ T0] Running RCU self tests
[ 3.758717][ T0] Running RCU synchronous self tests
[ 3.762707][ T0] rcu: Preemptible hierarchical RCU implementation.
[ 3.767507][ T0] rcu: RCU lockdep checking is enabled.
[ 3.771587][ T0] rcu: RCU callback double-/use-after-free debug is enabled.
[ 3.793288][ T0] rcu: RCU debug extended QS entry/exit.
[ 3.797444][ T0] All grace periods are expedited (rcu_expedited).
[ 3.801864][ T0] Trampoline variant of Tasks RCU enabled.
[ 3.822686][ T0] Tracing variant of Tasks RCU enabled.
[ 3.826932][ T0] rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies.
[ 3.833321][ T0] Running RCU synchronous self tests
[ 3.837102][ T0] RCU Tasks: Setting shift to 3 and lim to 1 rcu_task_cb_adjust=1.
[ 3.859356][ T0] RCU Tasks Trace: Setting shift to 3 and lim to 1 rcu_task_cb_adjust=1.
[ 4.204577][ T0] NR_IRQS: 4352, nr_irqs: 488, preallocated irqs: 16
[ 4.214743][ T0] rcu: srcu_init: Setting srcu_struct sizes based on contention.
[ 4.223627][ T0] kfence: initialized - using 2097152 bytes for 255 objects at 0xffff88816da00000-0xffff88816dc00000
[ 4.321921][ T0] Console: colour VGA+ 80x25
[ 4.339121][ T0] printk: legacy console [ttyS0] enabled
[ 4.339121][ T0] printk: legacy console [ttyS0] enabled
[ 4.355780][ T0] printk: legacy bootconsole [earlyser0] disabled
[ 4.355780][ T0] printk: legacy bootconsole [earlyser0] disabled
[ 4.391383][ T0] Lock dependency validator: Copyright (c) 2006 Red Hat, Inc., Ingo Molnar
[ 4.400039][ T0] ... MAX_LOCKDEP_SUBCLASSES: 8
[ 4.420297][ T0] ... MAX_LOCK_DEPTH: 48
[ 4.426179][ T0] ... MAX_LOCKDEP_KEYS: 8192
[ 4.430910][ T0] ... CLASSHASH_SIZE: 4096
[ 4.450679][ T0] ... MAX_LOCKDEP_ENTRIES: 131072
[ 4.456846][ T0] ... MAX_LOCKDEP_CHAINS: 262144
[ 4.461231][ T0] ... CHAINHASH_SIZE: 131072
[ 4.465700][ T0] memory used by lock dependency info: 20721 kB
[ 4.485269][ T0] memory used for stack traces: 8320 kB
[ 4.491207][ T0] per task-struct memory footprint: 1920 bytes
[ 4.496942][ T0] mempolicy: Enabling automatic NUMA balancing. Configure with numa_balancing= or the kernel.numa_balancing sysctl
[ 4.524014][ T0] ACPI: Core revision 20240322
[ 4.545766][ T0] clocksource: hpet: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604467 ns
[ 4.556580][ T0] APIC: Switch to symmetric I/O mode setup
[ 4.570706][ T0] DMAR: Host address width 39
[ 4.576514][ T0] DMAR: DRHD base: 0x000000fed90000 flags: 0x0
[ 4.592477][ T0] DMAR: dmar0: reg_base_addr fed90000 ver 1:0 cap d2008c22260206 ecap f00f5e
[ 4.615591][ T0] DMAR: ATSR flags: 0x1
[ 4.620410][ T0] DMAR-IR: IOAPIC id 0 under DRHD base 0xfed90000 IOMMU 0
[ 4.628004][ T0] DMAR-IR: Queued invalidation will be enabled to support x2apic and Intr-remapping.
[ 4.644365][ T0] DMAR-IR: Enabled IRQ remapping in x2apic mode
[ 4.651909][ T0] x2apic enabled
[ 4.656979][ T0] APIC: Switched APIC routing to: cluster x2apic
[ 4.666232][ T0] kvm-guest: APIC: send_IPI_mask() replaced with kvm_send_ipi_mask()
[ 4.676198][ T0] kvm-guest: APIC: send_IPI_mask_allbutself() replaced with kvm_send_ipi_mask_allbutself()
[ 4.688099][ T0] kvm-guest: setup PV IPIs
[ 4.713106][ T0] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1
[ 4.721738][ T0] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x257a5699b94, max_idle_ns: 440795293402 ns
[ 4.735241][ T0] Calibrating delay loop (skipped) preset value.. 5200.05 BogoMIPS (lpj=26000280)
[ 4.746569][ T0] x86/cpu: User Mode Instruction Prevention (UMIP) activated
[ 4.756436][ T0] Last level iTLB entries: 4KB 0, 2MB 0, 4MB 0
[ 4.763678][ T0] Last level dTLB entries: 4KB 0, 2MB 0, 4MB 0, 1GB 0
[ 4.765324][ T0] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
[ 4.775321][ T0] Spectre V2 : WARNING: Unprivileged eBPF is enabled with eIBRS on, data leaks possible via Spectre v2 BHB attacks!
[ 4.785259][ T0] Spectre V2 : Spectre BHI mitigation: SW BHB clearing on vm exit
[ 4.795240][ T0] Spectre V2 : Spectre BHI mitigation: SW BHB clearing on syscall
[ 4.801671][ T0] Spectre V2 : Mitigation: Enhanced / Automatic IBRS
[ 4.805239][ T0] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
[ 4.815240][ T0] Spectre V2 : Spectre v2 / PBRSB-eIBRS: Retire a single CALL on VMEXIT
[ 4.822438][ T0] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier
[ 4.825324][ T0] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl
[ 4.835554][ T0] MMIO Stale Data: Vulnerable: Clear CPU buffers attempted, no microcode
[ 4.845240][ T0] GDS: Unknown: Dependent on hypervisor status
[ 4.850601][ T0] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
[ 4.855241][ T0] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
[ 4.861002][ T0] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
[ 4.865247][ T0] x86/fpu: Supporting XSAVE feature 0x020: 'AVX-512 opmask'
[ 4.875241][ T0] x86/fpu: Supporting XSAVE feature 0x040: 'AVX-512 Hi256'
[ 4.882447][ T0] x86/fpu: Supporting XSAVE feature 0x080: 'AVX-512 ZMM_Hi256'
[ 4.885242][ T0] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256
[ 4.895239][ T0] x86/fpu: xstate_offset[5]: 832, xstate_sizes[5]: 64
[ 4.905242][ T0] x86/fpu: xstate_offset[6]: 896, xstate_sizes[6]: 512
[ 4.912101][ T0] x86/fpu: xstate_offset[7]: 1408, xstate_sizes[7]: 1024
[ 4.915240][ T0] x86/fpu: Enabled xstate features 0xe7, context size is 2432 bytes, using 'compacted' format.
[ 5.334541][ T0] Freeing SMP alternatives memory: 120K
[ 5.335245][ T0] pid_max: default: 32768 minimum: 301
[ 5.346051][ T0] LSM: initializing lsm=lockdown,capability,landlock,yama,safesetid,tomoyo,selinux,ima,evm
[ 5.355448][ T0] landlock: Up and running.
[ 5.365243][ T0] Yama: becoming mindful.
[ 5.369203][ T0] TOMOYO Linux initialized
[ 5.373482][ T0] SELinux: Initializing.
[ 5.380549][ T0] Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes, vmalloc hugepage)
[ 5.402166][ T0] Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes, vmalloc)
[ 5.405759][ T0] Mount-cache hash table entries: 8192 (order: 4, 65536 bytes, vmalloc)
[ 5.415635][ T0] Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes, vmalloc)
[ 5.437801][ T0] Running RCU synchronous self tests
[ 5.443126][ T0] Running RCU synchronous self tests
[ 5.447457][ T1] smpboot: CPU0: Intel(R) Xeon(R) CPU @ 2.60GHz (family: 0x6, model: 0x6a, stepping: 0x6)
[ 5.477006][ T1] Running RCU Tasks wait API self tests
[ 5.481509][ T1] Running RCU Tasks Trace wait API self tests
[ 5.485485][ T1] Performance Events: unsupported p6 CPU model 106 no PMU driver, software events only.
[ 5.495475][ T1] signal: max sigframe size: 3632
[ 5.505528][ T1] rcu: Hierarchical SRCU implementation.
[ 5.509703][ T1] rcu: Max phase no-delay instances is 1000.
[ 5.514385][ T15] Callback from call_rcu_tasks_trace() invoked.
[ 5.554691][ T1] NMI watchdog: Perf NMI watchdog permanently disabled
[ 5.566703][ T1] smp: Bringing up secondary CPUs ...
[ 5.574593][ T1] smpboot: x86: Booting SMP configuration:
[ 5.575360][ T1] .... node #0, CPUs: #2
[ 5.592335][ T1] #1 #3
[ 5.626195][ T1] MMIO Stale Data CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html for more details.
[ 5.645754][ T1] smp: Brought up 2 nodes, 4 CPUs
[ 5.649268][ T1] smpboot: Total of 4 processors activated (20800.22 BogoMIPS)
[ 5.697848][ T14] Callback from call_rcu_tasks() invoked.
[ 5.702792][ T1] devtmpfs: initialized
[ 5.707503][ T1] x86/mm: Memory block size: 128MB
[ 5.901247][ T1] Running RCU synchronous self tests
[ 5.925274][ T1] Running RCU synchronous self tests
[ 5.945465][ T1] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[ 5.956511][ T1] futex hash table entries: 2048 (order: 6, 262144 bytes, vmalloc)
[ 5.975164][ T1] PM: RTC time: 17:13:16, date: 2024-05-29
[ 6.001351][ T1] NET: Registered PF_NETLINK/PF_ROUTE protocol family
[ 6.031312][ T1] audit: initializing netlink subsys (disabled)
[ 6.055299][ T39] audit: type=2000 audit(1717002796.547:1): state=initialized audit_enabled=0 res=1
[ 6.055220][ T1] thermal_sys: Registered thermal governor 'step_wise'
[ 6.055220][ T1] thermal_sys: Registered thermal governor 'user_space'
[ 6.095235][ T1] cpuidle: using governor menu
[ 6.107196][ T1] NET: Registered PF_QIPCRTR protocol family
[ 6.115707][ T1] dca service started, version 1.12.1
[ 6.121818][ T1] PCI: ECAM [mem 0xb0000000-0xbfffffff] (base 0xb0000000) for domain 0000 [bus 00-ff]
[ 6.135300][ T1] PCI: ECAM [mem 0xb0000000-0xbfffffff] reserved as E820 entry
[ 6.299380][ T1] PCI: Using configuration type 1 for base access
[ 6.410985][ T1] HugeTLB: registered 1.00 GiB page size, pre-allocated 0 pages
[ 6.415250][ T1] HugeTLB: 16380 KiB vmemmap can be freed for a 1.00 GiB page
[ 6.422247][ T1] HugeTLB: registered 2.00 MiB page size, pre-allocated 0 pages
[ 6.425258][ T1] HugeTLB: 28 KiB vmemmap can be freed for a 2.00 MiB page
[ 6.445903][ T1] Demotion targets for Node 0: null
[ 6.450074][ T1] Demotion targets for Node 1: null
[ 6.516247][ T1] cryptd: max_cpu_qlen set to 1000
[ 6.529147][ T1] raid6: skipped pq benchmark and selected avx512x4
[ 6.535282][ T1] raid6: using avx512x2 recovery algorithm
[ 6.543172][ T1] ACPI: Added _OSI(Module Device)
[ 6.545269][ T1] ACPI: Added _OSI(Processor Device)
[ 6.550177][ T1] ACPI: Added _OSI(3.0 _SCP Extensions)
[ 6.551494][ T1] ACPI: Added _OSI(Processor Aggregator Device)
[ 6.912523][ T1] ACPI: 2 ACPI AML tables successfully acquired and loaded
[ 7.005341][ T1] ACPI: _OSC evaluation for CPUs failed, trying _PDC
[ 7.029567][ T1] ACPI: Interpreter enabled
[ 7.045934][ T1] ACPI: PM: (supports S0 S3 S4 S5)
[ 7.049687][ T1] ACPI: Using IOAPIC for interrupt routing
[ 7.056327][ T1] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
[ 7.065340][ T1] PCI: Using E820 reservations for host bridge windows
[ 7.081117][ T1] ACPI: Enabled 4 GPEs in block 00 to 3F
[ 7.581011][ T1] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
[ 7.585378][ T1] acpi PNP0A08:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI HPX-Type3]
[ 7.612093][ T1] acpi PNP0A08:00: _OSC: platform does not support [PCIeHotplug LTR]
[ 7.656472][ T1] acpi PNP0A08:00: _OSC: OS now controls [PME AER PCIeCapability]
[ 7.679339][ T1] PCI host bridge to bus 0000:00
[ 7.683291][ T1] pci_bus 0000:00: Unknown NUMA node; performance will be reduced
[ 7.705305][ T1] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window]
[ 7.711917][ T1] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window]
[ 7.725925][ T1] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window]
[ 7.732273][ T1] pci_bus 0000:00: root bus resource [mem 0x80000000-0xafffffff window]
[ 7.745300][ T1] pci_bus 0000:00: root bus resource [mem 0xc0000000-0xfebfffff window]
[ 7.752712][ T1] pci_bus 0000:00: root bus resource [mem 0x580000000-0xd7fffffff window]
[ 7.755305][ T1] pci_bus 0000:00: root bus resource [bus 00-ff]
[ 7.762574][ T1] pci 0000:00:00.0: [8086:29c0] type 00 class 0x060000 conventional PCI endpoint
[ 7.786709][ T1] pci 0000:00:01.0: [1af4:1050] type 00 class 0x030000 conventional PCI endpoint
[ 7.817411][ T1] pci 0000:00:01.0: BAR 0 [mem 0xfd800000-0xfdffffff pref]
[ 7.837253][ T1] pci 0000:00:01.0: BAR 2 [mem 0xfe200000-0xfe203fff 64bit pref]
[ 7.865432][ T1] pci 0000:00:01.0: BAR 4 [mem 0xfeaf4000-0xfeaf4fff]
[ 7.889632][ T1] pci 0000:00:01.0: ROM [mem 0xfeae0000-0xfeaeffff pref]
[ 7.906969][ T1] pci 0000:00:01.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff]
[ 7.935394][ T1] pci 0000:00:01.0: pci_fixup_video+0x0/0x340 took 29296 usecs
[ 7.955925][ T1] pci 0000:00:02.0: [8086:10d3] type 00 class 0x020000 PCIe Root Complex Integrated Endpoint
[ 7.989449][ T1] pci 0000:00:02.0: BAR 0 [mem 0xfea80000-0xfea9ffff]
[ 8.009044][ T1] pci 0000:00:02.0: BAR 1 [mem 0xfeaa0000-0xfeabffff]
[ 8.035259][ T1] pci 0000:00:02.0: BAR 2 [io 0xc080-0xc09f]
[ 8.043764][ T1] pci 0000:00:02.0: BAR 3 [mem 0xfeaf0000-0xfeaf3fff]
[ 8.055219][ T1] pci 0000:00:02.0: ROM [mem 0xfea00000-0xfea3ffff pref]
[ 8.088748][ T1] pci 0000:00:03.0: [1af4:1005] type 00 class 0x00ff00 conventional PCI endpoint
[ 8.098627][ T1] pci 0000:00:03.0: BAR 0 [io 0xc0a0-0xc0bf]
[ 8.108306][ T1] pci 0000:00:03.0: BAR 1 [mem 0xfeaf5000-0xfeaf5fff]
[ 8.117451][ T1] pci 0000:00:03.0: BAR 4 [mem 0xfe204000-0xfe207fff 64bit pref]
[ 8.180218][ T1] pci 0000:00:04.0: [8086:3420] type 01 class 0x060400 PCIe Root Port
[ 8.220107][ T1] pci 0000:00:04.0: PCI bridge to [bus 01]
[ 8.245588][ T1] pci 0000:00:04.0: bridge window [mem 0xfe800000-0xfe9fffff]
[ 8.266786][ T1] pci 0000:00:04.0: bridge window [mem 0xfe000000-0xfe1fffff 64bit pref]
[ 8.295955][ T1] pci 0000:00:05.0: [1af4:1009] type 00 class 0x000200 conventional PCI endpoint
[ 8.305254][ T1] pci 0000:00:05.0: BAR 0 [io 0xc0c0-0xc0df]
[ 8.335314][ T1] pci 0000:00:05.0: BAR 1 [mem 0xfeaf6000-0xfeaf6fff]
[ 8.375277][ T1] pci 0000:00:05.0: BAR 4 [mem 0xfe208000-0xfe20bfff 64bit pref]
[ 8.413649][ T1] pci 0000:00:06.0: [8086:100e] type 00 class 0x020000 conventional PCI endpoint
[ 8.426580][ T1] pci 0000:00:06.0: BAR 0 [mem 0xfeac0000-0xfeadffff]
[ 8.437704][ T1] pci 0000:00:06.0: BAR 1 [io 0xc000-0xc03f]
[ 8.452413][ T1] pci 0000:00:06.0: ROM [mem 0xfea40000-0xfea7ffff pref]
[ 8.488312][ T1] pci 0000:00:1d.0: [8086:2934] type 00 class 0x0c0300 conventional PCI endpoint
[ 8.520570][ T1] pci 0000:00:1d.0: BAR 4 [io 0xc0e0-0xc0ff]
[ 8.533944][ T1] pci 0000:00:1d.1: [8086:2935] type 00 class 0x0c0300 conventional PCI endpoint
[ 8.553037][ T1] pci 0000:00:1d.1: BAR 4 [io 0xc100-0xc11f]
[ 8.581319][ T1] pci 0000:00:1d.2: [8086:2936] type 00 class 0x0c0300 conventional PCI endpoint
[ 8.606806][ T1] pci 0000:00:1d.2: BAR 4 [io 0xc120-0xc13f]
[ 8.629104][ T1] pci 0000:00:1d.7: [8086:293a] type 00 class 0x0c0320 conventional PCI endpoint
[ 8.634278][ T1] pci 0000:00:1d.7: BAR 0 [mem 0xfeaf7000-0xfeaf7fff]
[ 8.678769][ T1] pci 0000:00:1f.0: [8086:2918] type 00 class 0x060100 conventional PCI endpoint
[ 8.690625][ T1] pci 0000:00:1f.0: quirk: [io 0x0600-0x067f] claimed by ICH6 ACPI/GPIO/TCO
[ 8.700987][ T1] pci 0000:00:1f.2: [8086:2922] type 00 class 0x010601 conventional PCI endpoint
[ 8.719078][ T1] pci 0000:00:1f.2: BAR 4 [io 0xc140-0xc15f]
[ 8.726038][ T1] pci 0000:00:1f.2: BAR 5 [mem 0xfeaf8000-0xfeaf8fff]
[ 8.735219][ T1] pci 0000:00:1f.3: [8086:2930] type 00 class 0x0c0500 conventional PCI endpoint
[ 8.746918][ T1] pci 0000:00:1f.3: BAR 4 [io 0x0700-0x073f]
[ 8.763041][ T1] pci 0000:00:04.0: PCI bridge to [bus 01]
[ 8.765491][ T1] ACPI: PCI: Interrupt link LNKA configured for IRQ 10
[ 8.775219][ T1] ACPI: PCI: Interrupt link LNKB configured for IRQ 10
[ 8.792294][ T1] ACPI: PCI: Interrupt link LNKC configured for IRQ 11
[ 8.814554][ T1] ACPI: PCI: Interrupt link LNKD configured for IRQ 11
[ 8.815219][ T1] ACPI: PCI: Interrupt link LNKE configured for IRQ 10
[ 8.815219][ T1] ACPI: PCI: Interrupt link LNKF configured for IRQ 10
[ 8.815219][ T1] ACPI: PCI: Interrupt link LNKG configured for IRQ 11
[ 8.839554][ T1] ACPI: PCI: Interrupt link LNKH configured for IRQ 11
[ 8.845219][ T1] ACPI: PCI: Interrupt link GSIA configured for IRQ 16
[ 8.845219][ T1] ACPI: PCI: Interrupt link GSIB configured for IRQ 17
[ 8.856161][ T1] ACPI: PCI: Interrupt link GSIC configured for IRQ 18
[ 8.866194][ T1] ACPI: PCI: Interrupt link GSID configured for IRQ 19
[ 8.876219][ T1] ACPI: PCI: Interrupt link GSIE configured for IRQ 20
[ 8.886241][ T1] ACPI: PCI: Interrupt link GSIF configured for IRQ 21
[ 8.896830][ T1] ACPI: PCI: Interrupt link GSIG configured for IRQ 22
[ 8.903212][ T1] ACPI: PCI: Interrupt link GSIH configured for IRQ 23
[ 9.046600][ T1] iommu: Default domain type: Translated
[ 9.048928][ T1] iommu: DMA domain TLB invalidation policy: lazy mode
[ 9.068955][ T1] SCSI subsystem initialized
[ 9.077525][ T1] ACPI: bus type USB registered
[ 9.086193][ T1] usbcore: registered new interface driver usbfs
[ 9.091758][ T1] usbcore: registered new interface driver hub
[ 9.095697][ T1] usbcore: registered new device driver usb
[ 9.103804][ T1] mc: Linux media interface: v0.10
[ 9.105530][ T1] videodev: Linux video capture interface: v2.00
[ 9.112575][ T1] pps_core: LinuxPPS API ver. 1 registered
[ 9.115251][ T1] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
[ 9.125516][ T1] PTP clock support registered
[ 9.135504][ T1] EDAC MC: Ver: 3.0.0
[ 9.150038][ T1] Advanced Linux Sound Architecture Driver Initialized.
[ 9.175340][ T1] Bluetooth: Core ver 2.22
[ 9.178872][ T1] NET: Registered PF_BLUETOOTH protocol family
[ 9.183030][ T1] Bluetooth: HCI device and connection manager initialized
[ 9.185345][ T1] Bluetooth: HCI socket layer initialized
[ 9.190481][ T1] Bluetooth: L2CAP socket layer initialized
[ 9.195431][ T1] Bluetooth: SCO socket layer initialized
[ 9.205509][ T1] NET: Registered PF_ATMPVC protocol family
[ 9.215254][ T1] NET: Registered PF_ATMSVC protocol family
[ 9.220876][ T1] NetLabel: Initializing
[ 9.224610][ T1] NetLabel: domain hash size = 128
[ 9.225251][ T1] NetLabel: protocols = UNLABELED CIPSOv4 CALIPSO
[ 9.231546][ T1] NetLabel: unlabeled traffic allowed by default
[ 9.238298][ T1] nfc: nfc_init: NFC Core ver 0.1
[ 9.243273][ T1] NET: Registered PF_NFC protocol family
[ 9.245501][ T1] PCI: Using ACPI for IRQ routing
[ 9.825662][ T1] pci 0000:00:01.0: vgaarb: setting as boot VGA device
[ 9.830473][ T1] pci 0000:00:01.0: vgaarb: bridge control possible
[ 9.835219][ T1] pci 0000:00:01.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none
[ 9.835219][ T1] vgaarb: loaded
[ 9.839670][ T1] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
[ 9.845219][ T1] hpet0: 3 comparators, 64-bit 100.000000 MHz counter
[ 9.885219][ T1] clocksource: Switched to clocksource kvm-clock
[ 9.896533][ T1] VFS: Disk quotas dquot_6.6.0
[ 9.919955][ T1] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[ 9.967714][ T1] netfs: FS-Cache loaded
[ 9.972917][ T1] CacheFiles: Loaded
[ 9.976755][ T1] TOMOYO: 2.6.0
[ 9.979319][ T1] Mandatory Access Control activated.
[ 9.984868][ T1] pnp: PnP ACPI init
[ 10.021783][ T1] system 00:06: [mem 0xb0000000-0xbfffffff window] has been reserved
[ 10.084482][ T1] pnp: PnP ACPI: found 7 devices
[ 10.199794][ T1] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns
[ 10.211486][ T1] NET: Registered PF_INET protocol family
[ 10.239808][ T1] IP idents hash table entries: 65536 (order: 7, 524288 bytes, vmalloc)
[ 10.274436][ T1] tcp_listen_portaddr_hash hash table entries: 2048 (order: 5, 147456 bytes, vmalloc)
[ 10.282449][ T1] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, vmalloc)
[ 10.296817][ T1] TCP established hash table entries: 32768 (order: 6, 262144 bytes, vmalloc)
[ 10.331462][ T1] TCP bind hash table entries: 32768 (order: 10, 4718592 bytes, vmalloc hugepage)
[ 10.364585][ T1] TCP: Hash tables configured (established 32768 bind 32768)
[ 10.384175][ T1] MPTCP token hash table entries: 4096 (order: 6, 360448 bytes, vmalloc)
[ 10.404463][ T1] UDP hash table entries: 2048 (order: 6, 327680 bytes, vmalloc)
[ 10.423742][ T1] UDP-Lite hash table entries: 2048 (order: 6, 327680 bytes, vmalloc)
[ 10.433489][ T1] NET: Registered PF_UNIX/PF_LOCAL protocol family
[ 10.447835][ T1] RPC: Registered named UNIX socket transport module.
[ 10.454249][ T1] RPC: Registered udp transport module.
[ 10.460433][ T1] RPC: Registered tcp transport module.
[ 10.464208][ T1] RPC: Registered tcp-with-tls transport module.
[ 10.469449][ T1] RPC: Registered tcp NFSv4.1 backchannel transport module.
[ 10.481728][ T1] NET: Registered PF_XDP protocol family
[ 10.486960][ T1] pci 0000:00:04.0: bridge window [io 0x1000-0x0fff] to [bus 01] add_size 1000
[ 10.496367][ T1] pci 0000:00:04.0: bridge window [io 0x1000-0x1fff]: assigned
[ 10.503505][ T1] pci 0000:00:04.0: PCI bridge to [bus 01]
[ 10.508751][ T1] pci 0000:00:04.0: bridge window [io 0x1000-0x1fff]
[ 10.516877][ T1] pci 0000:00:04.0: bridge window [mem 0xfe800000-0xfe9fffff]
[ 10.524729][ T1] pci 0000:00:04.0: bridge window [mem 0xfe000000-0xfe1fffff 64bit pref]
[ 10.535474][ T1] pci_bus 0000:00: resource 4 [io 0x0000-0x0cf7 window]
[ 10.547704][ T1] pci_bus 0000:00: resource 5 [io 0x0d00-0xffff window]
[ 10.554353][ T1] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window]
[ 10.561584][ T1] pci_bus 0000:00: resource 7 [mem 0x80000000-0xafffffff window]
[ 10.568821][ T1] pci_bus 0000:00: resource 8 [mem 0xc0000000-0xfebfffff window]
[ 10.575992][ T1] pci_bus 0000:00: resource 9 [mem 0x580000000-0xd7fffffff window]
[ 10.590729][ T1] pci_bus 0000:01: resource 0 [io 0x1000-0x1fff]
[ 10.613346][ T1] pci_bus 0000:01: resource 1 [mem 0xfe800000-0xfe9fffff]
[ 10.619888][ T1] pci_bus 0000:01: resource 2 [mem 0xfe000000-0xfe1fffff 64bit pref]
[ 10.712130][ T1] ACPI: \_SB_.GSIA: Enabled at IRQ 16
[ 10.829994][ T1] pci 0000:00:1d.0: quirk_usb_early_handoff+0x0/0x1440 took 183920 usecs
[ 10.919700][ T1] ACPI: \_SB_.GSIB: Enabled at IRQ 17
[ 11.035228][ T1] pci 0000:00:1d.1: quirk_usb_early_handoff+0x0/0x1440 took 183220 usecs
[ 11.137245][ T1] ACPI: \_SB_.GSIC: Enabled at IRQ 18
[ 11.191857][ T1] pci 0000:00:1d.2: quirk_usb_early_handoff+0x0/0x1440 took 144454 usecs
[ 11.246639][ T1] ACPI: \_SB_.GSID: Enabled at IRQ 19
[ 11.324416][ T1] pci 0000:00:1d.7: quirk_usb_early_handoff+0x0/0x1440 took 121091 usecs
[ 11.334699][ T1] PCI: CLS 0 bytes, default 64
[ 11.341000][ T1] DMAR: No RMRR found
[ 11.345800][ T1] DMAR: No SATC found
[ 11.349716][ T1] DMAR: dmar0: Using Queued invalidation
[ 11.359605][ T1] pci 0000:00:00.0: Adding to iommu group 0
[ 11.367020][ T1] pci 0000:00:01.0: Adding to iommu group 1
[ 11.374422][ T1] pci 0000:00:02.0: Adding to iommu group 2
[ 11.376581][ T73] kworker/u32:3 (73) used greatest stack depth: 27984 bytes left
[ 11.382040][ T1] pci 0000:00:03.0: Adding to iommu group 3
[ 11.393084][ T1] pci 0000:00:04.0: Adding to iommu group 4
[ 11.399653][ T1] pci 0000:00:05.0: Adding to iommu group 5
[ 11.407030][ T1] pci 0000:00:06.0: Adding to iommu group 6
[ 11.413440][ T1] pci 0000:00:1d.0: Adding to iommu group 7
[ 11.419360][ T1] pci 0000:00:1d.1: Adding to iommu group 7
[ 11.425476][ T1] pci 0000:00:1d.2: Adding to iommu group 7
[ 11.431539][ T1] pci 0000:00:1d.7: Adding to iommu group 7
[ 11.437854][ T1] pci 0000:00:1f.0: Adding to iommu group 8
[ 11.444268][ T1] pci 0000:00:1f.2: Adding to iommu group 8
[ 11.450819][ T1] pci 0000:00:1f.3: Adding to iommu group 8
[ 11.580726][ T1] DMAR: Intel(R) Virtualization Technology for Directed I/O
[ 11.587173][ T1] PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
[ 11.595649][ T1] software IO TLB: mapped [mem 0x0000000067000000-0x000000006b000000] (64MB)
[ 11.603420][ T1] ACPI: bus type thunderbolt registered
[ 11.619740][ T1] RAPL PMU: API unit is 2^-32 Joules, 0 fixed counters, 10737418240 ms ovfl timer
[ 12.924655][ T1] kvm_amd: CPU 2 isn't AMD or Hygon
[ 12.929490][ T1] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x257a5699b94, max_idle_ns: 440795293402 ns
[ 13.027935][ T1] clocksource: Switched to clocksource tsc
[ 13.033829][ T77] kworker/u32:3 (77) used greatest stack depth: 26976 bytes left
[ 13.482469][ T1] Initialise system trusted keyrings
[ 13.492258][ T1] workingset: timestamp_bits=40 max_order=20 bucket_order=0
[ 13.535962][ T1] DLM installed
[ 13.545829][ T1] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 13.563187][ T1] NFS: Registering the id_resolver key type
[ 13.569668][ T1] Key type id_resolver registered
[ 13.576444][ T1] Key type id_legacy registered
[ 13.580889][ T1] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
[ 13.588179][ T1] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering...
[ 13.654321][ T1] Key type cifs.spnego registered
[ 13.659636][ T1] Key type cifs.idmap registered
[ 13.665129][ T1] ntfs3: Enabled Linux POSIX ACLs support
[ 13.669184][ T1] ntfs3: Read-only LZX/Xpress compression included
[ 13.673943][ T1] efs: 1.0a - http://aeschi.ch.eu.org/efs/
[ 13.694479][ T1] jffs2: version 2.2. (NAND) (SUMMARY) © 2001-2006 Red Hat, Inc.
[ 13.703827][ T1] romfs: ROMFS MTD (C) 2007 Red Hat, Inc.
[ 13.708060][ T1] QNX4 filesystem 0.2.3 registered.
[ 13.728856][ T1] qnx6: QNX6 filesystem 1.0.0 registered.
[ 13.734021][ T1] fuse: init (API version 7.40)
[ 13.757163][ T1] orangefs_debugfs_init: called with debug mask: :none: :0:
[ 13.773966][ T1] orangefs_init: module version upstream loaded
[ 13.781509][ T1] JFS: nTxBlock = 8192, nTxLock = 65536
[ 13.936806][ T1] SGI XFS with ACLs, security attributes, realtime, quota, no debug enabled
[ 13.954290][ T1] 9p: Installing v9fs 9p2000 file system support
[ 13.959687][ T1] NILFS version 2 loaded
[ 13.963616][ T1] befs: version: 0.9.3
[ 13.967686][ T1] ocfs2: Registered cluster interface o2cb
[ 13.991811][ T1] ocfs2: Registered cluster interface user
[ 13.999757][ T1] OCFS2 User DLM kernel interface loaded
[ 14.050761][ T1] gfs2: GFS2 installed
[ 14.078245][ T1] ceph: loaded (mds proto 32)
[ 14.130606][ T1] NET: Registered PF_ALG protocol family
[ 14.137462][ T1] xor: automatically using best checksumming function avx
[ 14.146691][ T1] async_tx: api initialized (async)
[ 14.153954][ T1] Key type asymmetric registered
[ 14.159861][ T1] Asymmetric key parser 'x509' registered
[ 14.167162][ T1] Asymmetric key parser 'pkcs8' registered
[ 14.173975][ T1] Key type pkcs7_test registered
[ 14.184116][ T1] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239)
[ 14.191941][ T1] io scheduler mq-deadline registered
[ 14.201781][ T1] io scheduler kyber registered
[ 14.217231][ T1] io scheduler bfq registered
[ 14.249472][ T155] kworker/u32:1 (155) used greatest stack depth: 26752 bytes left
[ 14.312172][ T1] ACPI: \_SB_.GSIE: Enabled at IRQ 20
[ 14.327576][ T1] pcieport 0000:00:04.0: PME: Signaling with IRQ 25
[ 14.362172][ T1] pcieport 0000:00:04.0: AER: enabled with IRQ 26
[ 14.406590][ T1] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[ 14.428178][ T1] ACPI: button: Power Button [PWRF]
[ 15.390057][ T1] ioatdma: Intel(R) QuickData Technology Driver 5.00
[ 15.456798][ T1] ACPI: \_SB_.GSIF: Enabled at IRQ 21
[ 15.587338][ T1] ACPI: \_SB_.GSIH: Enabled at IRQ 23
[ 16.715982][ T1] N_HDLC line discipline registered with maxframe=4096
[ 16.727511][ T1] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[ 16.745453][ T1] 00:04: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[ 16.816064][ T1] Non-volatile memory driver v1.3
[ 16.839141][ T1] Linux agpgart interface v0.103
[ 16.850970][ T1] ACPI: bus type drm_connector registered
[ 16.872065][ T1] [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
[ 16.906250][ T1] [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
[ 17.038865][ T1] Console: switching to colour frame buffer device 128x48
[ 17.068774][ T1] platform vkms: [drm] fb0: vkmsdrmfb frame buffer device
[ 17.075224][ T1] usbcore: registered new interface driver udl
[ 17.087666][ T1] [drm] pci: virtio-vga detected at 0000:00:01.0
[ 17.100651][ T1] virtio-pci 0000:00:01.0: vgaarb: deactivate vga console
[ 17.116178][ T1] [drm] features: -virgl +edid -resource_blob -host_visible
[ 17.116197][ T1] [drm] features: -context_init
[ 17.135875][ T1] [drm] number of scanouts: 1
[ 17.139155][ T1] [drm] number of cap sets: 0
[ 17.153917][ T1] [drm] Initialized virtio_gpu 0.1.0 0 for 0000:00:01.0 on minor 2
[ 17.243317][ T1] fbcon: virtio_gpudrmfb (fb1) is primary device
[ 17.243344][ T1] fbcon: Remapping primary device, fb1, to tty 1-63
[ 17.517544][ C1] vkms_vblank_simulate: vblank timer overrun
[ 294.372493][ T40] INFO: task swapper/0:1 blocked for more than 143 seconds.
[ 294.372523][ T40] Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 294.372534][ T40] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 294.372540][ T40] task:swapper/0 state:D stack:22192 pid:1 tgid:1 ppid:0 flags:0x00004000
[ 294.372568][ T40] Call Trace:
[ 294.372575][ T40] <TASK>
[ 294.372583][ T40] __schedule+0xf15/0x5d00
[ 294.372612][ T40] ? __pfx___lock_acquire+0x10/0x10
[ 294.372636][ T40] ? __pfx___lock_acquire+0x10/0x10
[ 294.372660][ T40] ? __pfx___schedule+0x10/0x10
[ 294.372680][ T40] ? schedule+0x298/0x350
[ 294.372700][ T40] ? __pfx_lock_release+0x10/0x10
[ 294.372722][ T40] ? __ww_mutex_lock.constprop.0+0xf50/0x2650
[ 294.372747][ T40] ? __mutex_trylock_common+0x78/0x250
[ 294.372773][ T40] schedule+0xe7/0x350
[ 294.372793][ T40] schedule_preempt_disabled+0x13/0x30
[ 294.372816][ T40] __ww_mutex_lock.constprop.0+0xf55/0x2650
[ 294.372841][ T40] ? ret_from_fork+0x45/0x80
[ 294.372863][ T40] ? ret_from_fork_asm+0x1a/0x30
[ 294.372887][ T40] ? modeset_lock+0x488/0x6c0
[ 294.372911][ T40] ? __pfx___ww_mutex_lock.constprop.0+0x10/0x10
[ 294.372970][ T40] ? __pfx___might_resched+0x10/0x10
[ 294.372987][ T40] ? ww_mutex_lock+0x37/0x140
[ 294.373000][ T40] ww_mutex_lock+0x37/0x140
[ 294.373021][ T40] modeset_lock+0x488/0x6c0
[ 294.373046][ T40] drm_modeset_lock+0x59/0x90
[ 294.373062][ T40] drm_atomic_get_plane_state+0x19d/0x590
[ 294.373082][ T40] drm_client_modeset_commit_atomic+0x246/0x810
[ 294.373101][ T40] ? trace_contention_end+0xea/0x140
[ 294.373117][ T40] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[ 294.373138][ T40] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 294.373165][ T40] drm_client_modeset_commit_locked+0x14d/0x580
[ 294.373183][ T40] drm_fb_helper_pan_display+0x2a5/0x990
[ 294.373205][ T40] ? irqentry_exit+0x3b/0x90
[ 294.373221][ T40] fb_pan_display+0x477/0x7d0
[ 294.373238][ T40] ? __pfx_drm_fb_helper_pan_display+0x10/0x10
[ 294.373260][ T40] bit_update_start+0x49/0x1f0
[ 294.373283][ T40] fbcon_switch+0xbbf/0x12f0
[ 294.373304][ T40] ? __pfx_fbcon_switch+0x10/0x10
[ 294.373327][ T40] ? __pfx_bit_cursor+0x10/0x10
[ 294.373347][ T40] ? fbcon_cursor+0x3bf/0x520
[ 294.373366][ T40] ? is_console_locked+0x9/0x20
[ 294.373385][ T40] ? con_is_visible+0x65/0x150
[ 294.373401][ T40] redraw_screen+0x2bf/0x760
[ 294.373422][ T40] ? fbcon_prepare_logo+0x8e5/0xc70
[ 294.373443][ T40] ? __pfx_redraw_screen+0x10/0x10
[ 294.373463][ T40] ? __pfx_drm_fb_helper_set_par+0x10/0x10
[ 294.373485][ T40] set_con2fb_map+0x796/0x1060
[ 294.373508][ T40] fbcon_fb_registered+0x21d/0x6a0
[ 294.373530][ T40] ? fb_var_to_videomode+0x4c9/0x690
[ 294.373546][ T40] register_framebuffer+0x485/0x840
[ 294.373562][ T40] ? __pfx_register_framebuffer+0x10/0x10
[ 294.373579][ T40] ? drm_fbdev_generic_helper_fb_probe+0x49e/0x680
[ 294.373600][ T40] __drm_fb_helper_initial_config_and_unlock+0xd82/0x1650
[ 294.373626][ T40] ? __pfx___mutex_lock+0x10/0x10
[ 294.373648][ T40] ? __pfx___drm_fb_helper_initial_config_and_unlock+0x10/0x10
[ 294.373673][ T40] drm_fb_helper_initial_config+0x44/0x60
[ 294.373696][ T40] drm_fbdev_generic_client_hotplug+0x1a6/0x280
[ 294.373716][ T40] ? __pfx_drm_fbdev_generic_client_hotplug+0x10/0x10
[ 294.373737][ T40] drm_client_register+0x195/0x280
[ 294.373760][ T40] drm_fbdev_generic_setup+0x184/0x340
[ 294.373782][ T40] virtio_gpu_probe+0x29d/0x4e0
[ 294.373806][ T40] virtio_dev_probe+0x5ff/0x9b0
[ 294.373827][ T40] ? __pfx_virtio_dev_probe+0x10/0x10
[ 294.373846][ T40] really_probe+0x23e/0xa90
[ 294.373863][ T40] __driver_probe_device+0x1de/0x440
[ 294.373880][ T40] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 294.373900][ T40] driver_probe_device+0x4c/0x1b0
[ 294.373917][ T40] __driver_attach+0x283/0x580
[ 294.373933][ T40] ? __pfx___driver_attach+0x10/0x10
[ 294.373949][ T40] bus_for_each_dev+0x13c/0x1d0
[ 294.373972][ T40] ? __pfx_bus_for_each_dev+0x10/0x10
[ 294.373994][ T40] bus_add_driver+0x2e9/0x690
[ 294.374009][ T40] driver_register+0x15c/0x4b0
[ 294.374037][ T40] ? __register_virtio_driver+0x56/0x100
[ 294.374057][ T40] ? __pfx_virtio_gpu_driver_init+0x10/0x10
[ 294.374081][ T40] do_one_initcall+0x128/0x700
[ 294.374103][ T40] ? __pfx_do_one_initcall+0x10/0x10
[ 294.374125][ T40] ? trace_kmalloc+0x2d/0xe0
[ 294.374143][ T40] ? __kmalloc_noprof+0x20b/0x410
[ 294.374166][ T40] kernel_init_freeable+0x69d/0xca0
[ 294.374186][ T40] ? __pfx_kernel_init+0x10/0x10
[ 294.374206][ T40] kernel_init+0x1c/0x2b0
[ 294.374224][ T40] ? __pfx_kernel_init+0x10/0x10
[ 294.374240][ T40] ret_from_fork+0x45/0x80
[ 294.374259][ T40] ? __pfx_kernel_init+0x10/0x10
[ 294.374276][ T40] ret_from_fork_asm+0x1a/0x30
[ 294.374299][ T40] </TASK>
[ 294.374310][ T40] INFO: task kworker/0:0:8 blocked for more than 143 seconds.
[ 294.374321][ T40] Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 294.374331][ T40] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 294.374338][ T40] task:kworker/0:0 state:D stack:27920 pid:8 tgid:8 ppid:2 flags:0x00004000
[ 294.374369][ T40] Workqueue: events virtio_gpu_dequeue_ctrl_func
[ 294.374391][ T40] Call Trace:
[ 294.374398][ T40] <TASK>
[ 294.374405][ T40] __schedule+0xf15/0x5d00
[ 294.374426][ T40] ? __pfx___lock_acquire+0x10/0x10
[ 294.374449][ T40] ? __pfx___lock_acquire+0x10/0x10
[ 294.374474][ T40] ? __pfx___schedule+0x10/0x10
[ 294.374495][ T40] ? schedule+0x298/0x350
[ 294.374515][ T40] ? __pfx_lock_release+0x10/0x10
[ 294.374537][ T40] ? __mutex_lock+0x5b3/0x9c0
[ 294.374560][ T40] ? __mutex_trylock_common+0x78/0x250
[ 294.374586][ T40] schedule+0xe7/0x350
[ 294.374607][ T40] schedule_preempt_disabled+0x13/0x30
[ 294.374630][ T40] __mutex_lock+0x5b8/0x9c0
[ 294.374655][ T40] ? call_usermodehelper_setup+0x252/0x340
[ 294.374674][ T40] ? kobject_uevent_env+0x2db/0x1810
[ 294.374694][ T40] ? drm_client_dev_hotplug+0x169/0x3c0
[ 294.374711][ T40] ? __pfx___mutex_lock+0x10/0x10
[ 294.374736][ T40] ? __pfx_lock_release+0x10/0x10
[ 294.374762][ T40] ? drm_client_dev_hotplug+0x169/0x3c0
[ 294.374778][ T40] drm_client_dev_hotplug+0x169/0x3c0
[ 294.374796][ T40] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 294.374820][ T40] virtio_gpu_cmd_get_display_info_cb+0x3e1/0x550
[ 294.374843][ T40] ? __pfx_virtio_gpu_cmd_get_display_info_cb+0x10/0x10
[ 294.374866][ T40] virtio_gpu_dequeue_ctrl_func+0x209/0x7d0
[ 294.374889][ T40] ? __pfx_virtio_gpu_dequeue_ctrl_func+0x10/0x10
[ 294.374912][ T40] process_one_work+0x9fb/0x1b60
[ 294.374932][ T40] ? __pfx_lock_acquire+0x10/0x10
[ 294.374957][ T40] ? __pfx_process_one_work+0x10/0x10
[ 294.374976][ T40] ? assign_work+0x1a0/0x250
[ 294.375001][ T40] worker_thread+0x6c8/0xf70
[ 294.375028][ T40] ? __pfx_worker_thread+0x10/0x10
[ 294.375045][ T40] kthread+0x2c1/0x3a0
[ 294.375066][ T40] ? _raw_spin_unlock_irq+0x23/0x50
[ 294.375088][ T40] ? __pfx_kthread+0x10/0x10
[ 294.375109][ T40] ret_from_fork+0x45/0x80
[ 294.375133][ T40] ? __pfx_kthread+0x10/0x10
[ 294.375154][ T40] ret_from_fork_asm+0x1a/0x30
[ 294.375181][ T40] </TASK>
[ 294.375215][ T40] INFO: task kworker/0:2:827 blocked for more than 143 seconds.
[ 294.375227][ T40] Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 294.375237][ T40] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 294.375244][ T40] task:kworker/0:2 state:D stack:26496 pid:827 tgid:827 ppid:2 flags:0x00004000
[ 294.375276][ T40] Workqueue: events drm_fb_helper_damage_work
[ 294.375300][ T40] Call Trace:
[ 294.375306][ T40] <TASK>
[ 294.375314][ T40] __schedule+0xf15/0x5d00
[ 294.375337][ T40] ? __pfx_mark_lock+0x10/0x10
[ 294.375363][ T40] ? __pfx___schedule+0x10/0x10
[ 294.375386][ T40] ? schedule+0x298/0x350
[ 294.375408][ T40] ? __pfx_lock_release+0x10/0x10
[ 294.375433][ T40] ? _raw_spin_unlock_irq+0x23/0x50
[ 294.375455][ T40] ? lockdep_hardirqs_on+0x7c/0x110
[ 294.375482][ T40] schedule+0xe7/0x350
[ 294.375504][ T40] virtio_gpu_queue_fenced_ctrl_buffer+0x497/0xff0
[ 294.375529][ T40] ? __pfx_virtio_gpu_queue_fenced_ctrl_buffer+0x10/0x10
[ 294.375555][ T40] ? trace_kmem_cache_alloc+0x2d/0xe0
[ 294.375577][ T40] ? kmem_cache_alloc_noprof+0x174/0x2f0
[ 294.375604][ T40] ? __pfx_autoremove_wake_function+0x10/0x10
[ 294.375630][ T40] ? __asan_memset+0x23/0x50
[ 294.375652][ T40] ? virtio_gpu_cmd_resource_flush+0x85/0x220
[ 294.375675][ T40] virtio_gpu_primary_plane_update+0x105d/0x1590
[ 294.375703][ T40] ? __pfx_virtio_gpu_primary_plane_update+0x10/0x10
[ 294.375730][ T40] ? drm_crtc_next_vblank_start+0x25d/0x300
[ 294.375755][ T40] drm_atomic_helper_commit_planes+0x93a/0x1000
[ 294.375780][ T40] drm_atomic_helper_commit_tail+0x69/0xf0
[ 294.375802][ T40] commit_tail+0x356/0x410
[ 294.375824][ T40] drm_atomic_helper_commit+0x2fd/0x380
[ 294.375848][ T40] ? __pfx_drm_atomic_helper_commit+0x10/0x10
[ 294.375871][ T40] drm_atomic_commit+0x227/0x300
[ 294.375891][ T40] ? __pfx_drm_atomic_commit+0x10/0x10
[ 294.375910][ T40] ? __pfx___drm_printfn_info+0x10/0x10
[ 294.375932][ T40] ? modeset_lock+0x10e/0x6c0
[ 294.375956][ T40] drm_atomic_helper_dirtyfb+0x615/0x7b0
[ 294.375977][ T40] ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[ 294.375999][ T40] ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[ 294.376025][ T40] drm_fbdev_generic_helper_fb_dirty+0x7ad/0xbd0
[ 294.376051][ T40] ? __pfx_drm_fbdev_generic_helper_fb_dirty+0x10/0x10
[ 294.376075][ T40] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 294.376097][ T40] drm_fb_helper_damage_work+0x285/0x5e0
[ 294.376121][ T40] ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[ 294.376146][ T40] process_one_work+0x9fb/0x1b60
[ 294.376166][ T40] ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[ 294.376190][ T40] ? __pfx_process_one_work+0x10/0x10
[ 294.376209][ T40] ? assign_work+0x1a0/0x250
[ 294.376234][ T40] worker_thread+0x6c8/0xf70
[ 294.376254][ T40] ? __kthread_parkme+0x148/0x220
[ 294.376274][ T40] ? __pfx_worker_thread+0x10/0x10
[ 294.376291][ T40] kthread+0x2c1/0x3a0
[ 294.376311][ T40] ? _raw_spin_unlock_irq+0x23/0x50
[ 294.376334][ T40] ? __pfx_kthread+0x10/0x10
[ 294.376355][ T40] ret_from_fork+0x45/0x80
[ 294.376379][ T40] ? __pfx_kthread+0x10/0x10
[ 294.376400][ T40] ret_from_fork_asm+0x1a/0x30
[ 294.376428][ T40] </TASK>
[ 294.376437][ T40]
[ 294.376437][ T40] Showing all locks held in the system:
[ 294.376444][ T40] 9 locks held by swapper/0/1:
[ 294.376455][ T40] #0: ffff88801d86f170 (&dev->mutex){....}-{3:3}, at: __driver_attach+0x278/0x580
[ 294.376507][ T40] #1: ffff88801fcc42f8 (&dev->clientlist_mutex){+.+.}-{3:3}, at: drm_client_register+0x54/0x280
[ 294.376560][ T40] #2: ffffffff8e6e4ba8 (registration_lock){+.+.}-{3:3}, at: register_framebuffer+0x7a/0x840
[ 294.376605][ T40] #3: ffffffff8db9f2e0 (console_lock){+.+.}-{0:0}, at: fbcon_fb_registered+0x3c/0x6a0
[ 294.376658][ T40] #4: ffff88801b3b7280 (&helper->lock){+.+.}-{3:3}, at: drm_fb_helper_pan_display+0xd5/0x990
[ 294.376712][ T40] #5: ffff88801fcc41b0 (&dev->master_mutex){+.+.}-{3:3}, at: drm_master_internal_acquire+0x21/0x80
[ 294.376760][ T40] #6: ffff88801b3b7098 (&client->modeset_mutex){+.+.}-{3:3}, at: drm_client_modeset_commit_locked+0x4c/0x580
[ 294.376807][ T40] #7: ffffc90000047318 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_client_modeset_commit_atomic+0xd0/0x810
[ 294.376854][ T40] #8: ffff88801fb0d0b0 (crtc_ww_class_mutex){+.+.}-{3:3}, at: modeset_lock+0x488/0x6c0
[ 294.376911][ T40] 3 locks held by kworker/0:0/8:
[ 294.376977][ T40] #0: ffff888015488948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12bf/0x1b60
[ 294.377028][ T40] #1: ffffc900000b7d80 ((work_completion)(&vgvq->dequeue_work)){+.+.}-{0:0}, at: process_one_work+0x957/0x1b60
[ 294.377073][ T40] #2: ffff88801fcc42f8 (&dev->clientlist_mutex){+.+.}-{3:3}, at: drm_client_dev_hotplug+0x169/0x3c0
[ 294.377123][ T40] 1 lock held by khungtaskd/40:
[ 294.377134][ T40] #0: ffffffff8dbb18e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340
[ 294.377189][ T40] 2 locks held by kworker/u32:3/54:
[ 294.377199][ T40] #0: ffff888015491148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12bf/0x1b60
[ 294.377245][ T40] #1: ffffc90000a67d80 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x957/0x1b60
[ 294.377296][ T40] 5 locks held by kworker/0:2/827:
[ 294.377307][ T40] #0: ffff888015488948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12bf/0x1b60
[ 294.377351][ T40] #1: ffffc9000506fd80 ((work_completion)(&helper->damage_work)){+.+.}-{0:0}, at: process_one_work+0x957/0x1b60
[ 294.377396][ T40] #2: ffffc9000506fa10 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_atomic_helper_dirtyfb+0xb5/0x7b0
[ 294.377441][ T40] #3: ffff88801fb0d0b0 (crtc_ww_class_mutex){+.+.}-{3:3}, at: modeset_lock+0x488/0x6c0
[ 294.377492][ T40] #4: ffffffff8e8210b0 (drm_unplug_srcu){.+.+}-{0:0}, at: drm_dev_enter+0x49/0x160
[ 294.377538][ T40]
[ 294.377543][ T40] =============================================
[ 294.377543][ T40]
[ 294.377551][ T40] Kernel panic - not syncing: hung_task: blocked tasks
[ 294.377560][ T40] CPU: 3 PID: 40 Comm: khungtaskd Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 294.377578][ T40] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 294.377588][ T40] Call Trace:
[ 294.377595][ T40] <TASK>
[ 294.377601][ T40] dump_stack_lvl+0x3d/0x1f0
[ 294.377626][ T40] panic+0x6f5/0x7a0
[ 294.377651][ T40] ? __pfx_panic+0x10/0x10
[ 294.377676][ T40] ? watchdog+0xd3d/0x1240
[ 294.377693][ T40] ? watchdog+0xd30/0x1240
[ 294.377710][ T40] watchdog+0xd4e/0x1240
[ 294.377728][ T40] ? __pfx_watchdog+0x10/0x10
[ 294.377743][ T40] ? lockdep_hardirqs_on+0x7c/0x110
[ 294.377769][ T40] ? __kthread_parkme+0x148/0x220
[ 294.377788][ T40] ? __pfx_watchdog+0x10/0x10
[ 294.377805][ T40] kthread+0x2c1/0x3a0
[ 294.377823][ T40] ? _raw_spin_unlock_irq+0x23/0x50
[ 294.377844][ T40] ? __pfx_kthread+0x10/0x10
[ 294.377864][ T40] ret_from_fork+0x45/0x80
[ 294.377886][ T40] ? __pfx_kthread+0x10/0x10
[ 294.377905][ T40] ret_from_fork_asm+0x1a/0x30
[ 294.377930][ T40] </TASK>
[ 294.378588][ T40] Kernel Offset: disabled
program did not crash
extracting C reproducer
testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program crashed: KASAN: stack-out-of-bounds Read in profile_pc
simplifying C reproducer
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program crashed: KASAN: stack-out-of-bounds Read in profile_pc
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program crashed: KASAN: stack-out-of-bounds Read in profile_pc
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program crashed: KASAN: stack-out-of-bounds Read in profile_pc
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program crashed: KASAN: stack-out-of-bounds Read in profile_pc
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program did not crash
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program did not crash
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sysfs-write$FUSE_DIRENT
program did not crash
reproducing took 44m51.457490707s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: stack-out-of-bounds in profile_pc+0x186/0x1a0 arch/x86/kernel/time.c:44
Read of size 8 at addr ffffc9000329f9a0 by task syz-executor137/5202
CPU: 2 PID: 5202 Comm: syz-executor137 Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
print_address_description mm/kasan/report.c:377 [inline]
print_report+0xc3/0x620 mm/kasan/report.c:488
kasan_report+0xd9/0x110 mm/kasan/report.c:601
profile_pc+0x186/0x1a0 arch/x86/kernel/time.c:44
profile_tick+0xd3/0x140 kernel/profile.c:339
tick_sched_handle kernel/time/tick-sched.c:277 [inline]
tick_nohz_handler+0x380/0x530 kernel/time/tick-sched.c:297
__run_hrtimer kernel/time/hrtimer.c:1687 [inline]
__hrtimer_run_queues+0x657/0xcc0 kernel/time/hrtimer.c:1751
hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1813
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
__sysvec_apic_timer_interrupt+0x10f/0x450 arch/x86/kernel/apic/apic.c:1049
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:queued_read_lock_slowpath+0x131/0x2b1 kernel/locking/qrwlock.c:51
Code: 85 45 01 00 00 8b 03 84 c0 74 36 48 b8 00 00 00 00 00 fc ff df 49 89 de 48 89 dd 49 c1 ee 03 83 e5 07 49 01 c6 83 c5 03 f3 90 <41> 0f b6 06 40 38 c5 7c 08 84 c0 0f 85 1f 01 00 00 8b 03 84 c0 75
RSP: 0018:ffffc9000329f998 EFLAGS: 00000286
RAX: 00000000000002ff RBX: ffff88802683a0b0 RCX: ffffffff8aeb79db
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88802683a0b0
RBP: 0000000000000003 R08: 0000000000000001 R09: ffffed1004d07416
R10: ffff88802683a0b3 R11: 0000000000000003 R12: 1ffff92000653f34
R13: ffff88802683a0b4 R14: ffffed1004d07416 R15: ffff88802683a000
start_this_handle+0x249/0x15e0 fs/jbd2/transaction.c:383
jbd2__journal_start+0x394/0x6a0 fs/jbd2/transaction.c:520
__ext4_journal_start_sb+0x358/0x660 fs/ext4/ext4_jbd2.c:112
__ext4_journal_start fs/ext4/ext4_jbd2.h:326 [inline]
__ext4_unlink+0x418/0xcb0 fs/ext4/namei.c:3262
ext4_unlink+0x422/0x610 fs/ext4/namei.c:3321
vfs_unlink+0x2fb/0x9b0 fs/namei.c:4343
do_unlinkat+0x5c0/0x750 fs/namei.c:4407
__do_sys_unlink fs/namei.c:4455 [inline]
__se_sys_unlink fs/namei.c:4453 [inline]
__x64_sys_unlink+0xc7/0x110 fs/namei.c:4453
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb3ebca6fc7
Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd5a228b08 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb3ebca6fc7
RDX: 00007ffd5a228b30 RSI: 00007ffd5a228bc0 RDI: 00007ffd5a228bc0
RBP: 00007ffd5a228bc0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffd5a229c30
R13: 0000555573ab17d0 R14: 00007ffd5a229c30 R15: 0000000000000eda
</TASK>
The buggy address belongs to stack of task syz-executor137/5202
and is located at offset 0 in frame:
queued_read_lock_slowpath+0x0/0x2b1 arch/x86/include/asm/paravirt.h:584
This frame has 1 object:
[32, 36) 'val'
The buggy address belongs to the virtual mapping at
[ffffc90003298000, ffffc900032a1000) created by:
kernel_clone+0xfd/0x980 kernel/fork.c:2797
The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1fbfb
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 4912, tgid 4912 (dhcpcd), ts 71817495197, free_ts 68910505176
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1468
prep_new_page mm/page_alloc.c:1476 [inline]
get_page_from_freelist+0x136a/0x2df0 mm/page_alloc.c:3402
__alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4660
alloc_pages_mpol_noprof+0x275/0x610 mm/mempolicy.c:2265
vm_area_alloc_pages mm/vmalloc.c:3566 [inline]
__vmalloc_area_node mm/vmalloc.c:3642 [inline]
__vmalloc_node_range_noprof+0xa6a/0x1520 mm/vmalloc.c:3823
alloc_thread_stack_node kernel/fork.c:309 [inline]
dup_task_struct kernel/fork.c:1115 [inline]
copy_process+0x2f38/0x8f10 kernel/fork.c:2220
kernel_clone+0xfd/0x980 kernel/fork.c:2797
__do_sys_clone3+0x1f5/0x270 kernel/fork.c:3098
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5089 tgid 5089 stack trace:
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1088 [inline]
free_unref_page+0x64a/0xe40 mm/page_alloc.c:2565
__put_partials+0x14c/0x170 mm/slub.c:2994
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook mm/slub.c:3940 [inline]
slab_alloc_node mm/slub.c:4000 [inline]
kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4007
mt_alloc_one lib/maple_tree.c:162 [inline]
mas_alloc_nodes+0x176/0x860 lib/maple_tree.c:1242
mas_node_count_gfp+0x105/0x130 lib/maple_tree.c:1322
mas_preallocate+0x3bb/0x1020 lib/maple_tree.c:5556
vma_iter_prealloc mm/internal.h:1361 [inline]
vma_expand+0x6f3/0x1310 mm/mmap.c:661
mmap_region+0x153d/0x2760 mm/mmap.c:2859
do_mmap+0xbc7/0xf60 mm/mmap.c:1397
vm_mmap_pgoff+0x1ba/0x360 mm/util.c:573
ksys_mmap_pgoff+0x332/0x5d0 mm/mmap.c:1443
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:86 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:79 [inline]
__x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:79
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Memory state around the buggy address:
ffffc9000329f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffc9000329f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc9000329f980: 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00
^
ffffc9000329fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffc9000329fa80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00 00 f3
==================================================================
----------------
Code disassembly (best guess):
0: 85 45 01 test %eax,0x1(%rbp)
3: 00 00 add %al,(%rax)
5: 8b 03 mov (%rbx),%eax
7: 84 c0 test %al,%al
9: 74 36 je 0x41
b: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
12: fc ff df
15: 49 89 de mov %rbx,%r14
18: 48 89 dd mov %rbx,%rbp
1b: 49 c1 ee 03 shr $0x3,%r14
1f: 83 e5 07 and $0x7,%ebp
22: 49 01 c6 add %rax,%r14
25: 83 c5 03 add $0x3,%ebp
28: f3 90 pause
* 2a: 41 0f b6 06 movzbl (%r14),%eax <-- trapping instruction
2e: 40 38 c5 cmp %al,%bpl
31: 7c 08 jl 0x3b
33: 84 c0 test %al,%al
35: 0f 85 1f 01 00 00 jne 0x15a
3b: 8b 03 mov (%rbx),%eax
3d: 84 c0 test %al,%al
3f: 75 .byte 0x75
final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: stack-out-of-bounds in profile_pc+0x186/0x1a0 arch/x86/kernel/time.c:44
Read of size 8 at addr ffffc9000329f9a0 by task syz-executor137/5202
CPU: 2 PID: 5202 Comm: syz-executor137 Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
print_address_description mm/kasan/report.c:377 [inline]
print_report+0xc3/0x620 mm/kasan/report.c:488
kasan_report+0xd9/0x110 mm/kasan/report.c:601
profile_pc+0x186/0x1a0 arch/x86/kernel/time.c:44
profile_tick+0xd3/0x140 kernel/profile.c:339
tick_sched_handle kernel/time/tick-sched.c:277 [inline]
tick_nohz_handler+0x380/0x530 kernel/time/tick-sched.c:297
__run_hrtimer kernel/time/hrtimer.c:1687 [inline]
__hrtimer_run_queues+0x657/0xcc0 kernel/time/hrtimer.c:1751
hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1813
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
__sysvec_apic_timer_interrupt+0x10f/0x450 arch/x86/kernel/apic/apic.c:1049
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:queued_read_lock_slowpath+0x131/0x2b1 kernel/locking/qrwlock.c:51
Code: 85 45 01 00 00 8b 03 84 c0 74 36 48 b8 00 00 00 00 00 fc ff df 49 89 de 48 89 dd 49 c1 ee 03 83 e5 07 49 01 c6 83 c5 03 f3 90 <41> 0f b6 06 40 38 c5 7c 08 84 c0 0f 85 1f 01 00 00 8b 03 84 c0 75
RSP: 0018:ffffc9000329f998 EFLAGS: 00000286
RAX: 00000000000002ff RBX: ffff88802683a0b0 RCX: ffffffff8aeb79db
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88802683a0b0
RBP: 0000000000000003 R08: 0000000000000001 R09: ffffed1004d07416
R10: ffff88802683a0b3 R11: 0000000000000003 R12: 1ffff92000653f34
R13: ffff88802683a0b4 R14: ffffed1004d07416 R15: ffff88802683a000
start_this_handle+0x249/0x15e0 fs/jbd2/transaction.c:383
jbd2__journal_start+0x394/0x6a0 fs/jbd2/transaction.c:520
__ext4_journal_start_sb+0x358/0x660 fs/ext4/ext4_jbd2.c:112
__ext4_journal_start fs/ext4/ext4_jbd2.h:326 [inline]
__ext4_unlink+0x418/0xcb0 fs/ext4/namei.c:3262
ext4_unlink+0x422/0x610 fs/ext4/namei.c:3321
vfs_unlink+0x2fb/0x9b0 fs/namei.c:4343
do_unlinkat+0x5c0/0x750 fs/namei.c:4407
__do_sys_unlink fs/namei.c:4455 [inline]
__se_sys_unlink fs/namei.c:4453 [inline]
__x64_sys_unlink+0xc7/0x110 fs/namei.c:4453
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb3ebca6fc7
Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd5a228b08 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb3ebca6fc7
RDX: 00007ffd5a228b30 RSI: 00007ffd5a228bc0 RDI: 00007ffd5a228bc0
RBP: 00007ffd5a228bc0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffd5a229c30
R13: 0000555573ab17d0 R14: 00007ffd5a229c30 R15: 0000000000000eda
</TASK>
The buggy address belongs to stack of task syz-executor137/5202
and is located at offset 0 in frame:
queued_read_lock_slowpath+0x0/0x2b1 arch/x86/include/asm/paravirt.h:584
This frame has 1 object:
[32, 36) 'val'
The buggy address belongs to the virtual mapping at
[ffffc90003298000, ffffc900032a1000) created by:
kernel_clone+0xfd/0x980 kernel/fork.c:2797
The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1fbfb
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 4912, tgid 4912 (dhcpcd), ts 71817495197, free_ts 68910505176
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1468
prep_new_page mm/page_alloc.c:1476 [inline]
get_page_from_freelist+0x136a/0x2df0 mm/page_alloc.c:3402
__alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4660
alloc_pages_mpol_noprof+0x275/0x610 mm/mempolicy.c:2265
vm_area_alloc_pages mm/vmalloc.c:3566 [inline]
__vmalloc_area_node mm/vmalloc.c:3642 [inline]
__vmalloc_node_range_noprof+0xa6a/0x1520 mm/vmalloc.c:3823
alloc_thread_stack_node kernel/fork.c:309 [inline]
dup_task_struct kernel/fork.c:1115 [inline]
copy_process+0x2f38/0x8f10 kernel/fork.c:2220
kernel_clone+0xfd/0x980 kernel/fork.c:2797
__do_sys_clone3+0x1f5/0x270 kernel/fork.c:3098
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5089 tgid 5089 stack trace:
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1088 [inline]
free_unref_page+0x64a/0xe40 mm/page_alloc.c:2565
__put_partials+0x14c/0x170 mm/slub.c:2994
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook mm/slub.c:3940 [inline]
slab_alloc_node mm/slub.c:4000 [inline]
kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4007
mt_alloc_one lib/maple_tree.c:162 [inline]
mas_alloc_nodes+0x176/0x860 lib/maple_tree.c:1242
mas_node_count_gfp+0x105/0x130 lib/maple_tree.c:1322
mas_preallocate+0x3bb/0x1020 lib/maple_tree.c:5556
vma_iter_prealloc mm/internal.h:1361 [inline]
vma_expand+0x6f3/0x1310 mm/mmap.c:661
mmap_region+0x153d/0x2760 mm/mmap.c:2859
do_mmap+0xbc7/0xf60 mm/mmap.c:1397
vm_mmap_pgoff+0x1ba/0x360 mm/util.c:573
ksys_mmap_pgoff+0x332/0x5d0 mm/mmap.c:1443
__do_sys_mmap arch/x86/kernel/sys_x86_64.c:86 [inline]
__se_sys_mmap arch/x86/kernel/sys_x86_64.c:79 [inline]
__x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:79
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Memory state around the buggy address:
ffffc9000329f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffc9000329f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc9000329f980: 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00
^
ffffc9000329fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffc9000329fa80: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00 00 f3
==================================================================
----------------
Code disassembly (best guess):
0: 85 45 01 test %eax,0x1(%rbp)
3: 00 00 add %al,(%rax)
5: 8b 03 mov (%rbx),%eax
7: 84 c0 test %al,%al
9: 74 36 je 0x41
b: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
12: fc ff df
15: 49 89 de mov %rbx,%r14
18: 48 89 dd mov %rbx,%rbp
1b: 49 c1 ee 03 shr $0x3,%r14
1f: 83 e5 07 and $0x7,%ebp
22: 49 01 c6 add %rax,%r14
25: 83 c5 03 add $0x3,%ebp
28: f3 90 pause
* 2a: 41 0f b6 06 movzbl (%r14),%eax <-- trapping instruction
2e: 40 38 c5 cmp %al,%bpl
31: 7c 08 jl 0x3b
33: 84 c0 test %al,%al
35: 0f 85 1f 01 00 00 jne 0x15a
3b: 8b 03 mov (%rbx),%eax
3d: 84 c0 test %al,%al
3f: 75 .byte 0x75