* Re: [BUG] RCU stall in vkms_vblank_simulate due to lock contention during warn_alloc (6.18.0)
From: Petr Mladek @ 2026-01-05 15:48 UTC
To: 王志
Cc: rodrigosiqueiramelo, daniel, senozhatsky, paulmck,
Maarten Lankhorst, Maxime Ripard, Thomas Zimmermann, David Airlie,
Simona Vetter, dri-devel

Adding some DRM people into Cc.

On Sun 2026-01-04 11:51:35, 王志 wrote:
> Dear Developers,
>
> I am reporting an RCU CPU stall detected by Syzkaller on Linux 6.18.0. The issue involves a deadlock-like scenario in the VKMS driver when memory allocation warnings occur.
>
> Analysis: CPU 2 is executing a DRM ioctl and enters warn_alloc, which invokes printk. While flushing the console, an hrtimer interrupt fires and runs vkms_vblank_simulate.
>
> The interrupt handler stalls at drm_handle_vblank trying to acquire a spinlock, which appears to be held by CPU 1 (running drm_file_free). Since this happens in hard IRQ context, CPU 2 spins indefinitely, leading to the RCU stall.

If it spins indefinitely then it looks like a deadlock.
But it seems that both CPU1 and CPU2 are waiting for the (same?)
lock, see below.

> Stack Trace Highlights:
>
> RIP: native_queued_spin_lock_slowpath
> <IRQ>
> drm_handle_vblank+0x125/0xc70
> vkms_vblank_simulate+0xa8/0x390
> hrtimer_interrupt
> <TASK>
> console_flush_all
> warn_alloc
> __kvmalloc_node_noprof
> drm_property_create_blob
> drm_ioctl
> Environment:
>
> Kernel: 6.18.0 #1 PREEMPT(full)
>
> Config: KASAN enabled
>
> Hardware: QEMU (i440FX)
>
> It seems like the combination of PREEMPT(full) and the long duration of warn_alloc's printk cycle makes the system vulnerable to this interrupt-level contention.
>
> rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> rcu: 2-...!: (10 ticks this GP) idle=4f7c/1/0x4000000000000000 softirq=64211/64211 fqs=13
> rcu: (detected by 0, t=10505 jiffies, g=77557, q=966 ncpus=4)
> Sending NMI from CPU 0 to CPUs 2:
> NMI backtrace for cpu 2
> CPU: 2 UID: 0 PID: 27050 Comm: syz.2.6110 Not tainted 6.18.0 #1 PREEMPT(full)
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
> RIP: 0010:native_queued_spin_lock_slowpath+0x23e/0x9c0

This is spin_lock_slowpath on CPU2 => CPU2 is spinning and waiting for
a lock.

> Code: 02 48 89 e8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 1c 07 00 00 b8 01 00 00 00 66 89 45 00 e9 c2 fe ff ff 89 44 24 40 f3 90 <e9> 5e fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03
> RSP: 0018:ffffc90000658b78 EFLAGS: 00000002
> RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff8b43f32e
> RDX: ffffed10044eac6b RSI: 0000000000000004 RDI: ffff888022756350
> RBP: ffff888022756350 R08: 0000000000000000 R09: ffffed10044eac6a
> R10: ffff888022756353 R11: 0000000000000000 R12: 1ffff920000cb171
> R13: 0000000000000003 R14: ffffed10044eac6a R15: ffffc90000658bb8
> FS: 00007f1a7d7f6640(0000) GS:ffff8880cf101000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f2e53b8fff0 CR3: 0000000061616000 CR4: 00000000000006f0
> Call Trace:
> <IRQ>
> debug_spin_lock_before home/wmy/Fuzzer/third_tool/linux-6.18/kernel/locking/spinlock_debug.c:87 [inline]
> do_raw_spin_lock+0x20d/0x2b0 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/locking/spinlock_debug.c:115
> __raw_spin_lock_irqsave home/wmy/Fuzzer/third_tool/linux-6.18/include/linux/spinlock_api_smp.h:110 [inline]
> _raw_spin_lock_irqsave+0x45/0x60 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/locking/spinlock.c:162
> drm_handle_vblank+0x125/0xc70
> vkms_vblank_simulate+0xa8/0x390
> __run_hrtimer home/wmy/Fuzzer/third_tool/linux-6.18/kernel/time/hrtimer.c:1779 [inline]
> __hrtimer_run_queues+0x1f5/0xb30 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/time/hrtimer.c:1841
> hrtimer_interrupt+0x39a/0x880 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/time/hrtimer.c:1912
> instrument_atomic_read home/wmy/Fuzzer/third_tool/linux-6.18/include/linux/instrumented.h:68 [inline]
> _test_bit home/wmy/Fuzzer/third_tool/linux-6.18/include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
> cpumask_test_cpu home/wmy/Fuzzer/third_tool/linux-6.18/include/linux/cpumask.h:646 [inline]
> cpu_online home/wmy/Fuzzer/third_tool/linux-6.18/include/linux/cpumask.h:1205 [inline]
> __do_trace_local_timer_exit home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/include/asm/trace/irq_vectors.h:40 [inline]
> trace_local_timer_exit home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/include/asm/trace/irq_vectors.h:40 [inline]
> __sysvec_apic_timer_interrupt+0x10d/0x400 home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/kernel/apic/apic.c:1059
> sysvec_apic_timer_interrupt+0xa3/0xc0 home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/kernel/apic/apic.c:2145
> </IRQ>
> <TASK>
> asm_sysvec_apic_timer_interrupt+0x1a/0x20 home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/include/asm/idtentry.h:697
> RIP: 0010:srcu_read_unlock_nmisafe home/wmy/Fuzzer/third_tool/linux-6.18/include/linux/srcu.h:449 [inline]
> RIP: 0010:console_srcu_read_unlock home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:303 [inline]
> RIP: 0010:console_flush_all+0x905/0xbe0 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:3225
> Code: 24 08 48 8d 68 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 ab 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 ef c7 20 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 1e ff ff ff 4c 89 ef e8 c4 20 87
> RSP: 0018:ffffc90002dd7138 EFLAGS: 00000246
> RAX: ffffffff8ee702d8 RBX: 0000000000000001 RCX: ffffc90007631000
> RDX: 0000000000080000 RSI: ffffffff81999011 RDI: 0000000000000007
> RBP: 0000000000000200 R08: 0000000000000001 R09: 0000000000000001
> R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000000
> R13: ffffffff8ee702d8 R14: dffffc0000000000 R15: ffffffff8ee70280
> __console_flush_and_unlock home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:3258 [inline]
> console_unlock+0xc2/0x1f0 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:3298
> console_trylock home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:2843 [inline]
> console_trylock home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:2836 [inline]
> console_trylock_spinning home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:1982 [inline]
> vprintk_emit+0x3e7/0x670 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:2422
> _printk+0xbe/0xf0 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:2447
> show_free_areas+0x121d/0x2140 home/wmy/Fuzzer/third_tool/linux-6.18/mm/show_mem.c:299
> __show_mem+0x34/0x150 home/wmy/Fuzzer/third_tool/linux-6.18/mm/show_mem.c:408
> warn_alloc_show_mem home/wmy/Fuzzer/third_tool/linux-6.18/mm/page_alloc.c:3938 [inline]
> warn_alloc+0x278/0x360 home/wmy/Fuzzer/third_tool/linux-6.18/mm/page_alloc.c:3963
> free_vm_area home/wmy/Fuzzer/third_tool/linux-6.18/mm/vmalloc.c:4619 [inline]
> __vmalloc_area_node home/wmy/Fuzzer/third_tool/linux-6.18/mm/vmalloc.c:3709 [inline]
> __vmalloc_node_range_noprof+0xfaa/0x13b0 home/wmy/Fuzzer/third_tool/linux-6.18/mm/vmalloc.c:3897
> __vmalloc_node_noprof+0xac/0xf0 home/wmy/Fuzzer/third_tool/linux-6.18/mm/vmalloc.c:3960
> set_vm_area_page_order home/wmy/Fuzzer/third_tool/linux-6.18/mm/vmalloc.c:3089 [inline]
> __vmalloc_area_node home/wmy/Fuzzer/third_tool/linux-6.18/mm/vmalloc.c:3713 [inline]
> __vmalloc_node_range_noprof+0x40d/0x13b0 home/wmy/Fuzzer/third_tool/linux-6.18/mm/vmalloc.c:3897
> slab_want_init_on_free home/wmy/Fuzzer/third_tool/linux-6.18/mm/slab.h:644 [inline]
> slab_want_init_on_free home/wmy/Fuzzer/third_tool/linux-6.18/mm/slab.h:640 [inline]
> maybe_wipe_obj_freeptr home/wmy/Fuzzer/third_tool/linux-6.18/mm/slub.c:4918 [inline]
> slab_alloc_node home/wmy/Fuzzer/third_tool/linux-6.18/mm/slub.c:5278 [inline]
> __do_kmalloc_node home/wmy/Fuzzer/third_tool/linux-6.18/mm/slub.c:5649 [inline]
> __kvmalloc_node_noprof+0x41f/0x9d0 home/wmy/Fuzzer/third_tool/linux-6.18/mm/slub.c:7112
> drm_property_create_blob.part.0+0x34/0x320
> drm_mode_createblob_ioctl+0x139/0x490
> drm_ioctl_kernel+0x1ed/0x3e0
> drm_ioctl+0x574/0xb90
> vfs_ioctl home/wmy/Fuzzer/third_tool/linux-6.18/fs/ioctl.c:51 [inline]
> __do_sys_ioctl home/wmy/Fuzzer/third_tool/linux-6.18/fs/ioctl.c:597 [inline]
> __se_sys_ioctl home/wmy/Fuzzer/third_tool/linux-6.18/fs/ioctl.c:583 [inline]
> __x64_sys_ioctl+0x18f/0x210 home/wmy/Fuzzer/third_tool/linux-6.18/fs/ioctl.c:583
> do_syscall_64+0xcb/0xfa0 home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/entry/syscall_64.c:99
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f1a7f5b059d
> Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007f1a7d7f5f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> RAX: ffffffffffffffda RBX: 00007f1a7f825fa0 RCX: 00007f1a7f5b059d
> RDX: 0000200000000000 RSI: 00000000c01064bd RDI: 000000000000000a
> RBP: 00007f1a7f64e078 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
> R13: 00007f1a7f826038 R14: 00007f1a7f825fa0 R15: 00007f1a7d7d6000
> </TASK>
> rcu: rcu_preempt kthread timer wakeup didn't happen for 10449 jiffies! g77557 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
> rcu: Possible timer handling issue on cpu=1 timer-softirq=43340
> rcu: rcu_preempt kthread starved for 10450 jiffies! g77557 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
> rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
> rcu: RCU grace-period kthread stack dump:
> task:rcu_preempt state:I stack:28424 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000
> Call Trace:
> <TASK>
> sched_info_arrive home/wmy/Fuzzer/third_tool/linux-6.18/kernel/sched/stats.h:267 [inline]
> sched_info_switch home/wmy/Fuzzer/third_tool/linux-6.18/kernel/sched/stats.h:330 [inline]
> prepare_task_switch home/wmy/Fuzzer/third_tool/linux-6.18/kernel/sched/core.c:5122 [inline]
> context_switch home/wmy/Fuzzer/third_tool/linux-6.18/kernel/sched/core.c:5272 [inline]
> __schedule+0x1044/0x5bb0 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/sched/core.c:6929
> __schedule_loop home/wmy/Fuzzer/third_tool/linux-6.18/kernel/sched/core.c:7011 [inline]
> schedule+0xe7/0x3a0 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/sched/core.c:7026
> schedule_timeout+0x113/0x280 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/time/sleep_timeout.c:98
> rcu_gp_fqs_check_wake home/wmy/Fuzzer/third_tool/linux-6.18/kernel/rcu/tree.c:2007 [inline]
> rcu_gp_fqs_loop+0x18c/0xa00 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/rcu/tree.c:2083
> rcu_gp_kthread+0x26f/0x370 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/rcu/tree.c:2280
> kthread+0x3d0/0x780 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/kthread.c:463
> ret_from_fork+0x676/0x7d0 home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/kernel/process.c:195
> ret_from_fork_asm+0x1a/0x30 home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/entry/entry_64.S:245
> </TASK>
> rcu: Stack dump where RCU GP kthread last ran:
> Sending NMI from CPU 0 to CPUs 1:
> NMI backtrace for cpu 1
> CPU: 1 UID: 0 PID: 27261 Comm: syz.1.6200 Not tainted 6.18.0 #1 PREEMPT(full)
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
> RIP: 0010:native_queued_spin_lock_slowpath+0x23e/0x9c0

This is spin_lock_slowpath on CPU1 => Also CPU1 seems to be spinning and
waiting for a lock.

On CPU2, in IRQ context, it seems that drm_handle_vblank() tries to take:

  + dev->event_lock
  + dev->vblank_time_lock

On CPU1, in TASK context, it seems that drm_file_free() in
drm_events_release() tries to take:

  + dev->event_lock

So, I guess that the contention/deadlock is on dev->event_lock.
But who owns the lock, please? It is not obvious to me.

On CPU2, in TASK context, drm_property_create_blob() seems to take
a mutex. So, it should not be holding any spin lock.

What is going on CPU0?

Could you please provide a (more) complete kernel log?

And if there is a deadlock scenario then it might get reported
by lockdep. Could you please try to enable CONFIG_PROVE_LOCKING?

> Code: 02 48 89 e8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 1c 07 00 00 b8 01 00 00 00 66 89 45 00 e9 c2 fe ff ff 89 44 24 40 f3 90 <e9> 5e fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03
> RSP: 0018:ffffc90002d97b48 EFLAGS: 00000002
> RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff8b43f32e
> RDX: ffffed10044eac6b RSI: 0000000000000004 RDI: ffff888022756350
> RBP: ffff888022756350 R08: 0000000000000000 R09: ffffed10044eac6a
> R10: ffff888022756353 R11: 0000000000000000 R12: 1ffff920005b2f6b
> R13: 0000000000000003 R14: ffffed10044eac6a R15: ffffc90002d97b88
> FS: 000055557fb21500(0000) GS:ffff8881a2601000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f4e64fa3fc8 CR3: 0000000131d68000 CR4: 00000000000006f0
> Call Trace:
> <TASK>
> debug_spin_lock_before home/wmy/Fuzzer/third_tool/linux-6.18/kernel/locking/spinlock_debug.c:87 [inline]
> do_raw_spin_lock+0x20d/0x2b0 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/locking/spinlock_debug.c:115
> __raw_spin_lock_irqsave home/wmy/Fuzzer/third_tool/linux-6.18/include/linux/spinlock_api_smp.h:110 [inline]
> _raw_spin_lock_irqsave+0x45/0x60 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/locking/spinlock.c:162
> drm_file_free.part.0+0x2fd/0xcf0
> drm_close_helper.isra.0+0x183/0x1f0
> drm_release+0x1ab/0x360
> __fput+0x402/0xb50 home/wmy/Fuzzer/third_tool/linux-6.18/fs/file_table.c:468
> task_work_run+0x16b/0x260 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/task_work.c:227
> exit_to_user_mode_loop+0xf9/0x130
> do_syscall_64+0x424/0xfa0 home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/entry/syscall_32.c:308
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f4e641b059d
> Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007fff56b8c5b8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
> RAX: 0000000000000000 RBX: 00007f4e64427da0 RCX: 00007f4e641b059d
> RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
> RBP: 00007fff56b8c658 R08: 0000001b33b205bc R09: 0000000000000000
> R10: 0000001b33f20000 R11: 0000000000000246 R12: ffffffffffffffff
> R13: 00007f4e6442609c R14: 00007f4e64427da0 R15: 00007fff56b8c680
> </TASK>

Best Regards,
Petr
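
The comparison made by eye on the two NMI backtraces above, as an added example that is not part of either message: a parser that lists every CPU sampled in the spinlock slowpath with its context and first non-locking caller, then groups the waiters by the value in RDI. Treating RDI as the lock pointer is an assumption (it is the first-argument register on x86-64 and may have been reused by the time of the sample); `SAMPLE_LOG` is condensed from the trace quoted above, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Condensed from the NMI backtraces quoted in this thread (source paths dropped).
SAMPLE_LOG = """\
NMI backtrace for cpu 2
CPU: 2 UID: 0 PID: 27050 Comm: syz.2.6110 Not tainted 6.18.0 #1 PREEMPT(full)
RIP: 0010:native_queued_spin_lock_slowpath+0x23e/0x9c0
RSP: 0018:ffffc90000658b78 EFLAGS: 00000002
RDX: ffffed10044eac6b RSI: 0000000000000004 RDI: ffff888022756350
Call Trace:
 <IRQ>
 do_raw_spin_lock+0x20d/0x2b0
 _raw_spin_lock_irqsave+0x45/0x60
 drm_handle_vblank+0x125/0xc70
 vkms_vblank_simulate+0xa8/0x390
 </IRQ>
 <TASK>
 RIP: 0010:console_flush_all+0x905/0xbe0
 RDX: 0000000000080000 RSI: ffffffff81999011 RDI: 0000000000000007
 warn_alloc+0x278/0x360
 drm_property_create_blob.part.0+0x34/0x320
 </TASK>
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 27261 Comm: syz.1.6200 Not tainted 6.18.0 #1 PREEMPT(full)
RIP: 0010:native_queued_spin_lock_slowpath+0x23e/0x9c0
RSP: 0018:ffffc90002d97b48 EFLAGS: 00000002
RDX: ffffed10044eac6b RSI: 0000000000000004 RDI: ffff888022756350
Call Trace:
 <TASK>
 do_raw_spin_lock+0x20d/0x2b0
 _raw_spin_lock_irqsave+0x45/0x60
 drm_file_free.part.0+0x2fd/0xcf0
 drm_close_helper.isra.0+0x183/0x1f0
 </TASK>
"""

# Mail quote markers and printk "[ time][Tpid]" prefixes that may precede a line.
PREFIX = re.compile(r"^(?:>\s?)*(?:\[\s*\d+\.\d+\]\s*)?(?:\[\s*[TC]\d+\]\s*)?")
CPU_HDR = re.compile(r"NMI backtrace for cpu (\d+)")
RIP = re.compile(r"RIP: 0010:([\w.]+)\+0x")
RDI = re.compile(r"\bRDI: ([0-9a-f]{16})")
CTX = re.compile(r"^<(/?)(IRQ|TASK|NMI)>$")
# Reliable frames only: "? sym+0x.." and "[inline]" entries do not match.
FRAME = re.compile(r"^([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

SPIN_SYMBOLS = {"native_queued_spin_lock_slowpath", "__pv_queued_spin_lock_slowpath"}
LOCK_INTERNALS = SPIN_SYMBOLS | {
    "do_raw_spin_lock", "_raw_spin_lock", "_raw_spin_lock_irq",
    "_raw_spin_lock_irqsave", "_raw_spin_lock_bh",
}


def spinning_cpus(log):
    """Return one record per CPU whose sampled RIP is in the spinlock slowpath."""
    records, cur, ctx = [], None, None
    for raw in log.splitlines():
        line = PREFIX.sub("", raw, count=1).strip()
        m = CPU_HDR.search(line)
        if m:
            cur = {"cpu": int(m.group(1)), "rip": None, "lock": None,
                   "context": None, "caller": None}
            records.append(cur)
            ctx = None
            continue
        if cur is None:
            continue
        m = CTX.match(line)
        if m:
            ctx = None if m.group(1) else m.group(2)
            continue
        if ctx is None:
            # Register dump of the sampled CPU comes before the call trace;
            # dumps inside <TASK> belong to the interrupted task and are skipped.
            m = RIP.search(line)
            if m and cur["rip"] is None:
                cur["rip"] = m.group(1)
            m = RDI.search(line)
            if m and cur["lock"] is None:
                cur["lock"] = m.group(1)
            continue
        m = FRAME.match(line)
        if m and cur["caller"] is None and m.group(1) not in LOCK_INTERNALS:
            cur["caller"], cur["context"] = m.group(1), ctx
    return [r for r in records if r["rip"] in SPIN_SYMBOLS and r["lock"]]


def contended_locks(waiters):
    """Group waiters by candidate lock address; keep addresses with >1 waiter."""
    by_lock = defaultdict(list)
    for w in waiters:
        by_lock[w["lock"]].append(w)
    return {lock: ws for lock, ws in by_lock.items() if len(ws) > 1}


def report(log):
    out = []
    for lock, ws in contended_locks(spinning_cpus(log)).items():
        out.append(f"lock candidate 0x{lock}: {len(ws)} CPUs spinning")
        for w in ws:
            out.append(f"  cpu {w['cpu']} [{w['context']}] via {w['caller']}")
        if any(w["context"] == "IRQ" for w in ws):
            out.append("  a waiter is in hard IRQ context and cannot be preempted")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Every CPU it lists is a waiter, so the output names the candidate lock address but not its owner; that still needs the full log or a lockdep report.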
* Re: Re: [BUG] RCU stall in vkms_vblank_simulate due to lock contention during warn_alloc (6.18.0)
From: 王志 @ 2026-01-06 3:06 UTC
To: Petr Mladek
Cc: rodrigosiqueiramelo, daniel, senozhatsky, paulmck,
Maarten Lankhorst, Maxime Ripard, Thomas Zimmermann, David Airlie,
Simona Vetter, dri-devel

Dear Petr,

Thanks for your analysis.

I am currently re-running the Syzkaller reproducer with CONFIG_PROVE_LOCKING and CONFIG_DEBUG_LOCK_ALLOC enabled as you suggested. I will provide the updated log and any Lockdep warnings as soon as they are captured.

In the meantime, please find the full kernel log from the previous crash attached (or linked below).

Regarding CPU 0, I will check the full log to see what it was executing when the stall occurred. It seems CPU 2 was indeed trapped in hard IRQ context (vkms_vblank_simulate) spinning for a lock that CPU 1 (drm_file_free) was also trying to acquire or already held.

last executing test programs:
8.368835214s ago: executing program 2 (id=6100):
r0 = syz_open_dev$I2C(&(0x7f0000000700), 0x0, 0x840000)
ioctl$I2C_PEC(r0, 0x708, 0x5)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000000)={0x1, 0xd, 0x7, &(0x7f0000000100)={0x20, "3f6678c673bf0580a192eeb82bb8a633250000000000f1ff00000000202000"}})
8.220343563s ago: executing program 2 (id=6109):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x2000)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x2000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000340)={0x0, &(0x7f0000000280), 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000440)={0x0, 0x0, 0x0, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000040)={r2, 0x7, 0x5, 0xfffffff8, 0x3, [<r3=>0x0], [0x2, 0xbc01, 0xf, 0x8001], [0x7fff, 0x5, 0x4, 0x8], [0x9, 0x30, 0xfffffffffffffff9]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r3, 0x80000})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000180)={r3})
8.026271723s ago: executing program 2 (id=6103):
r0 = syz_open_dev$I2C(&(0x7f0000000700), 0x0, 0x840000)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000780)={0x0, 0xd, 0x5, &(0x7f0000000100)={0x89, "3f6678c673bf0580a1b1eeb82bd0a633250000000000000000000000201f00"}})
7.876767816s ago: executing program 2 (id=6105):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x200, 0x242060)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, 0x0)
syz_open_dev$dri(&(0x7f0000000680), 0x0, 0x4000)
7.479022609s ago: executing program 2 (id=6107):
r0 = syz_open_dev$I2C(&(0x7f0000000700), 0x0, 0x840000)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000000)={0x0, 0xd, 0x8, &(0x7f0000000100)={0x60, "3f66b82bb8a633250000000000f1ff00000000202000"}})
7.390437653s ago: executing program 2 (id=6110):
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x80000, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000001c0)={0xff, 0x6, 0x3, 0x0, <r1=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r0, 0xc00464b4, &(0x7f0000000240)={r1})
r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x20180)
ioctl$I2C_TENBIT(r2, 0x704, 0x1)
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000080)={0x0, 0xa, 0x8, 0xfffffffffffffffd})
r3 = syz_open_dev$dri(&(0x7f0000000340), 0xfaa, 0x800)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x7652, 0xc0000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000140)={0x0, 0x4, 0x22a1ddb8})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000480)={0x0})
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x40540)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f00000008c0)={&(0x7f0000000880)=[r6], 0x1, 0x80800})
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x1)
r8 = syz_open_dev$I2C(&(0x7f0000000380), 0x0, 0x101)
ioctl$I2C_FUNCS(r8, 0x705, 0x0)
r9 = syz_open_dev$dri(&(0x7f0000000680), 0x1, 0x100)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r9, 0xc01064bd, &(0x7f0000000000)={0x0, 0x46351d016c435ab5})
r10 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x2101)
ioctl$DRM_IOCTL_MODE_GETFB(r10, 0xc01c64ad, &(0x7f0000000680))
r11 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x1)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r11, 0xc04064a0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)=[<r12=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r11, 0xc05064a7, &(0x7f0000001740)={&(0x7f0000001540)=[0x0], 0x0, 0x0, 0x0, 0x15, 0x0, 0x1, 0x0, r12})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)=[<r13=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r7, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, <r14=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r14, 0xc05064a7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[0x0], &(0x7f0000000040), 0x0, 0x1, 0x0, 0x0, r13})
1.23056994s ago: executing program 3 (id=6181):
r0 = syz_open_dev$I2C(&(0x7f0000000700), 0x0, 0x840000)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000780)={0x0, 0xd, 0x5, &(0x7f0000000100)={0x89, "3f6678c673bf0580a1b1eeb82bd0a6332500"}})
1.209455865s ago: executing program 0 (id=6182):
r0 = syz_open_dev$I2C(&(0x7f0000000700), 0x0, 0x840000)
ioctl$I2C_PEC(r0, 0x708, 0x5)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000780)={0x0, 0xd, 0x5, &(0x7f0000000100)={0x89, "3f6678c673bf0580a1b1eeb82bd0a6332500000000000000000000000000001f00"}})
1.128730176s ago: executing program 3 (id=6184):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x2000)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x2000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000340)={0x0, &(0x7f0000000280)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000440)={0x0, 0x0, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000040)={r3, 0x7, 0x5, 0xfffffff8, 0x3, [<r4=>0x0], [0x2, 0xbc01, 0xf, 0x8001], [0x7fff, 0x5, 0x4, 0x8], [0x9, 0x30, 0xfffffffffffffff9]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000180)={r4})
1.026199224s ago: executing program 0 (id=6185):
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r0=>0xffffffffffffffff})
syz_open_dev$dri(&(0x7f0000000000), 0x660, 0x86140)
r1 = syz_open_dev$dri(&(0x7f0000000f40), 0x0, 0xa0a03)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x2000)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x2000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000340)={0x0, &(0x7f0000000280)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000440)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000040)={r5, 0x7, 0x5, 0xfffffff8, 0x3, [<r6=>0x0], [0x2, 0xbc01, 0xf, 0x8001], [0x7fff, 0x5, 0x4, 0x8], [0x9, 0x30, 0xfffffffffffffff9]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={r6, 0x80000})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000001200)={0x365d, 0x4c, 0xffffff6f})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000080)={0x7, 0x1, 0x23, 0x0, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r0, 0xc00464b4, &(0x7f00000000c0)={r7})
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x197840, 0x0)
ioctl$DRM_IOCTL_FREE_BUFS(r2, 0x4010641a, &(0x7f0000000140)={0xa, &(0x7f0000000100)=[0x5, 0x0, 0x4, 0x4, 0xc9f, 0x3, 0x80000001, 0x10001, 0x21d4, 0x9]})
1.013001258s ago: executing program 3 (id=6187):
r0 = syz_open_dev$I2C(&(0x7f0000000700), 0x0, 0x840000)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000780)={0x0, 0xd, 0x5, &(0x7f0000000100)={0x89, "3f6678c673bf0580a1b1eeb82bd0a6332500000000000000000000002000000003"}})
900.211369ms ago: executing program 0 (id=6188):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x2000)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x2000)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x1)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f00000000c0)={0x0, &(0x7f0000000180)=[{}], 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, r3})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000340)={0x0, &(0x7f0000000280)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
r5 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(r5, 0xc00864c0, &(0x7f0000000c00))
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000480)={0x0, 0x0, r4, 0x0, 0x4, 0x0, 0x8000, 0xffff, {0xfffffffe, 0x9, 0xfffe, 0x80, 0x4, 0x3c2, 0x4, 0xa, 0x9, 0x1, 0x4, 0x99, 0x4, 0x6, "80beb84b043ed00d7f26ec599f37b935c306f2219ce17a157d9e1f35c561e079"}})
780.879976ms ago: executing program 3 (id=6189):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x600)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000040))
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x40540)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
r3 = syz_open_dev$I2C(&(0x7f0000002680), 0x0, 0x800)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0xfffffffffffffffc, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)=[<r6=>0x0, 0x0], &(0x7f0000000480), 0x0, 0x2, 0x0, 0x0, r5})
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r4, 0xc04064aa, &(0x7f0000000540)={&(0x7f0000000100)=[0x0, 0x0], &(0x7f0000000180)=[{}], r6, 0x0, '\x00', 0x2000031c, 0x1})
ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000002780)={0x0, 0xe1, 0x3, &(0x7f0000002740)={0x8, "b283ea543cb78bab2fa5c5e874287edd62682e37523b0a5745de9a81a582891fdf"}})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000240)={&(0x7f0000000180)=[0x0, 0x0], &(0x7f00000001c0), 0x2, r2, 0xcccccccc})
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x8000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000480)={0x0, &(0x7f00000003c0)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR2(r7, 0xc02464bb, &(0x7f0000000680)={0x2, r8, 0x5, 0x5, 0x5, 0x0, 0x0, 0xd3b})
780.702213ms ago: executing program 1 (id=6190):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x1)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_SETGAMMA(r1, 0xc02064a5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0x40086602, &(0x7f0000000180)={0x7, 0xfffffffe, 0x1})
764.064137ms ago: executing program 0 (id=6197):
r0 = syz_open_dev$I2C(&(0x7f0000000700), 0x0, 0x840000)
ioctl$I2C_PEC(r0, 0x708, 0x5)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000000)={0x1, 0xd, 0x7, &(0x7f0000000100)={0x20, "3f6678c673bf0580a192eeb82bb8a633250000000000f1ff00000000202000"}})
620.399402ms ago: executing program 1 (id=6191):
r0 = syz_open_dev$I2C(&(0x7f0000000700), 0x0, 0x860000)
ioctl$I2C_SLAVE(r0, 0x703, 0x235)
ioctl$I2C_PEC(r0, 0x708, 0x5)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x1)
ioctl$I2C_SLAVE_FORCE(r0, 0x706, 0x227)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)=[<r3=>0x0, 0x0], &(0x7f0000000240), 0x0, 0x2, 0x0, 0x0, r2})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r1, 0xc01064ab, &(0x7f0000000300)={0x5b7, r3, r2})
r4 = syz_open_dev$dri(&(0x7f0000000f40), 0x0, 0xa0a03)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000001200)={0x365d, 0x4c, 0xffffff6f})
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000000)={0x1, 0x7f, 0x5, &(0x7f0000000100)={0xe, "3f6678c673bf0580a192eeb82bb8a633250000000000f1ff00000000202000"}})
538.999877ms ago: executing program 0 (id=6192):
r0 = syz_open_dev$I2C(&(0x7f0000000700), 0x0, 0x840000)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000780)={0x0, 0xd, 0x5, &(0x7f0000000100)={0x89, "3f6678c673bf0580a1b1eeb82bd0a6332500000000001f000000000000000300"}})
538.509554ms ago: executing program 3 (id=6193):
r0 = syz_open_dev$I2C(&(0x7f0000000700), 0x0, 0x840000)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000000)={0x0, 0xd, 0x8, &(0x7f0000000100)={0x60, "3f66b82bb8a633250000000000f1ff000000002020000000000000002000"}})
439.271672ms ago: executing program 0 (id=6194):
r0 = syz_open_dev$I2C(&(0x7f0000000700), 0x0, 0x840000)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000780)={0x0, 0xd, 0x5, &(0x7f0000000100)={0x89, "3f6678c673bf0580a1b1eeb82bd0a6332500"}})
438.995551ms ago: executing program 3 (id=6195):
r0 = syz_open_dev$dri(&(0x7f0000000680), 0x1, 0x40000)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x40540)
r2 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x848900)
ioctl$I2C_RDWR(r2, 0x707, &(0x7f00000015c0)={&(0x7f0000000680)=[{0x0, 0x3001, 0x0, 0x0}], 0x1})
r3 = syz_open_dev$dri(&(0x7f0000000000), 0xfffffffffffffffc, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_GET_STATS(r1, 0x80f86406, &(0x7f0000000340)=""/222)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4})
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x40540)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x2101)
r8 = syz_open_dev$dri(&(0x7f0000000000), 0xb, 0x1)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r8, 0xc01064bd, &(0x7f0000000180)={&(0x7f00000000c0)="c1aa055555", 0x5, <r9=>0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r8, 0xc02064b9, &(0x7f00000001c0)={0x0, 0x0, 0x0, r9})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f00000014c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000740)={&(0x7f00000005c0), 0x0, r6, 0x0, 0x0, 0x9, 0x0, 0x0, {0x4d, 0x28, 0x0, 0xfff6, 0x4, 0x8001, 0x6, 0x4, 0x9, 0x8, 0xb64, 0x401, 0x4, 0x8, "7d3c156a4679a2c5fbe20ea8c9ea82a3ea3b977c86be85ee7419ceacf7b0fc5c"}})
r10 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x100)
ioctl$DRM_IOCTL_MODE_CURSOR(r10, 0xc01c64a3, &(0x7f0000000200)={0x1, 0x0, 0x8, 0xe61, 0xfffffffb, 0x7f, 0x80})
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000300)={0x4000000, 0x4, 0xf})
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r0, 0xc01064c7, &(0x7f0000000080)={0x1, 0x0, &(0x7f0000000000)=[0x0]})
396.567446ms ago: executing program 1 (id=6196):
r0 = syz_open_dev$I2C(&(0x7f0000000700), 0x0, 0x840000)
ioctl$I2C_PEC(r0, 0x708, 0x5)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000000)={0x0, 0xe, 0x4, &(0x7f0000000100)={0x20, "3f667cc673bf0500e2b500f1ff0079c613b39400"}})
250.549425ms ago: executing program 1 (id=6198):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x200, 0x8002)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r1=>0x0], &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000000c0)={0x0, r1, <r2=>0x0, 0x0, 0x0, 0x2, &(0x7f0000000040)=[0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000008c0)={&(0x7f0000000880)=[r1, r2], 0x2, 0x80800, 0x0, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f0000000080)={0x2, r1, 0x9, 0x3, 0xd405, 0x10001, 0x40})
142.302163ms ago: executing program 1 (id=6199):
r0 = syz_open_dev$I2C(&(0x7f0000000700), 0x0, 0x840000)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000780)={0x0, 0xd, 0x5, &(0x7f0000000100)={0x89, "3f6678c673bf0580a1b1eeb82bd0a633250000000000000000000000200000001f"}})
0s ago: executing program 1 (id=6200):
r0 = syz_open_dev$dri(&(0x7f0000000400), 0x32c, 0xa060) (async)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x200, 0x242060)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETGAMMA(r0, 0xc02064a4, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x1) (async)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x1)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000580)={0x0, &(0x7f00000004c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000a40)={0x0, 0x0, r4, 0x0, 0x0, 0x401, 0x8001, 0x0, {0x2, 0xee66, 0x5, 0x6, 0xc5b, 0x2, 0x8, 0x3, 0x8001, 0x1ff, 0x3, 0x3ff, 0x9, 0x2, "f3ca996247976557c2828fa84352005a759f76bfadb2fb30c239bcad2f2b8859"}}) (async)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0xa0, 0x400)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x59595959}) (async)
r6 = syz_open_dev$dri(&(0x7f0000000a00), 0x1ff, 0x401)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r6, 0xc01064c8, &(0x7f00000000c0)={0x5, 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, <r7=>0x0]})
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r6, 0xc04064aa, &(0x7f0000000480)={0x0, 0x0, r7}) (async)
r8 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x600)
r9 = syz_open_dev$dri(&(0x7f0000000000), 0x7, 0x40740)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r10=>0x0], 0x0, 0x0, 0x0, 0x1}) (async)
r11 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x1)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r11, 0x40086602, &(0x7f0000000180)={0x8000, 0xfffffffe, 0x1}) (async)
ioctl$DRM_IOCTL_MODE_SETGAMMA(r8, 0xc02064a5, &(0x7f0000000140)={r10, 0x0, 0x0, 0x0, 0x0}) (async)
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000100)={0x0, r4, <r12=>0x0, 0x0, 0x0, 0x2, &(0x7f0000000040)=[0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000180)={r7, r10, r12, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) (async)
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000080)={0x0, 0x0, r4})
kernel console output (not intermixed with test programs):
3 length: 249 > 1
[ 779.898652][T10230] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 779.913506][T10230] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 779.936493][T10230] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 779.948877][T10230] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 780.019777][T23301] FAULT_INJECTION: forcing a failure.
[ 780.019777][T23301] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 780.029589][T23301] CPU: 1 UID: 0 PID: 23301 Comm: syz.3.4937 Not tainted 6.18.0 #1 PREEMPT(full)
[ 780.029617][T23301] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 780.029631][T23301] Call Trace:
[ 780.029638][T23301] <TASK>
[ 780.029647][T23301] dump_stack_lvl+0x180/0x1b0
[ 780.029698][T23301] should_fail_ex+0x520/0x650
[ 780.029725][T23301] _copy_from_user+0x30/0xd0
[ 780.029749][T23301] i2cdev_ioctl+0xfa/0x820
[ 780.029770][T23301] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 780.029790][T23301] ? __fget_files+0x1fb/0x3b0
[ 780.029816][T23301] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 780.029837][T23301] __x64_sys_ioctl+0x18f/0x210
[ 780.029858][T23301] do_syscall_64+0xcb/0xfa0
[ 780.029888][T23301] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 780.029907][T23301] RIP: 0033:0x7fd8b9bb059d
[ 780.029923][T23301] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 780.029941][T23301] RSP: 002b:00007fd8baa0ef98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 780.029960][T23301] RAX: ffffffffffffffda RBX: 00007fd8b9e25fa0 RCX: 00007fd8b9bb059d
[ 780.029973][T23301] RDX: 0000200000000780 RSI: 0000000000000720 RDI: 0000000000000003
[ 780.029985][T23301] RBP: 00007fd8baa0f010 R08: 0000000000000000 R09: 0000000000000000
[ 780.029997][T23301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 780.030008][T23301] R13: 00007fd8b9e26038 R14: 00007fd8b9e25fa0 R15: 00007fd8ba9ef000
[ 780.030036][T23301] </TASK>
[ 780.218763][ C1] vkms_vblank_simulate: vblank timer overrun
[ 780.258784][T23305] FAULT_INJECTION: forcing a failure.
[ 780.258784][T23305] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 780.288582][T23305] CPU: 2 UID: 0 PID: 23305 Comm: syz.1.4938 Not tainted 6.18.0 #1 PREEMPT(full)
[ 780.288678][T23305] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 780.288761][T23305] Call Trace:
[ 780.288772][T23305] <TASK>
[ 780.288781][T23305] dump_stack_lvl+0x180/0x1b0
[ 780.288815][T23305] should_fail_ex+0x520/0x650
[ 780.288837][T23305] _copy_from_user+0x30/0xd0
[ 780.288858][T23305] i2cdev_ioctl+0xfa/0x820
[ 780.288875][T23305] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 780.288891][T23305] ? __fget_files+0x1fb/0x3b0
[ 780.288983][T23305] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 780.289000][T23305] __x64_sys_ioctl+0x18f/0x210
[ 780.289025][T23305] do_syscall_64+0xcb/0xfa0
[ 780.289081][T23305] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 780.289099][T23305] RIP: 0033:0x7f721bfb059d
[ 780.289125][T23305] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 780.289140][T23305] RSP: 002b:00007f721ce98f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 780.289159][T23305] RAX: ffffffffffffffda RBX: 00007f721c225fa0 RCX: 00007f721bfb059d
[ 780.289170][T23305] RDX: 0000200000000000 RSI: 0000000000000720 RDI: 0000000000000003
[ 780.289179][T23305] RBP: 00007f721ce99010 R08: 0000000000000000 R09: 0000000000000000
[ 780.289224][T23305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 780.289233][T23305] R13: 00007f721c226038 R14: 00007f721c225fa0 R15: 00007f721ce79000
[ 780.289256][T23305] </TASK>
[ 780.564288][T23312] i2c i2c-0: Invalid block write size 137
[ 780.645602][T18778] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 780.702878][T23315] i2c i2c-0: Invalid block write size 96
[ 780.734396][ C1] vkms_vblank_simulate: vblank timer overrun
[ 780.866862][ C1] vkms_vblank_simulate: vblank timer overrun
[ 780.899497][T23326] i2c i2c-0: Invalid block write size 137
[ 780.903228][T23326] FAULT_INJECTION: forcing a failure.
[ 780.903228][T23326] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 780.912107][T23326] CPU: 3 UID: 0 PID: 23326 Comm: syz.1.4945 Not tainted 6.18.0 #1 PREEMPT(full)
[ 780.912123][T23326] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 780.912131][T23326] Call Trace:
[ 780.912136][T23326] <TASK>
[ 780.912142][T23326] dump_stack_lvl+0x180/0x1b0
[ 780.912164][T23326] should_fail_ex+0x520/0x650
[ 780.912220][T23326] _copy_to_user+0x32/0xd0
[ 780.912247][T23326] simple_read_from_buffer+0xcb/0x180
[ 780.912262][T23326] proc_fail_nth_read+0x18a/0x240
[ 780.912277][T23326] ? __pfx_proc_fail_nth_read+0x10/0x10
[ 780.912291][T23326] ? rw_verify_area+0xcf/0x6e0
[ 780.912303][T23326] ? __pfx_proc_fail_nth_read+0x10/0x10
[ 780.912316][T23326] vfs_read+0x1e6/0xc70
[ 780.912330][T23326] ? __pfx___mutex_lock+0x10/0x10
[ 780.912341][T23326] ? __pfx_vfs_read+0x10/0x10
[ 780.912353][T23326] ? __fget_files+0x1f1/0x3b0
[ 780.912369][T23326] ? __fget_files+0x1fb/0x3b0
[ 780.912385][T23326] ksys_read+0x121/0x240
[ 780.912398][T23326] ? __pfx_ksys_read+0x10/0x10
[ 780.912415][T23326] do_syscall_64+0xcb/0xfa0
[ 780.912433][T23326] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 780.912447][T23326] RIP: 0033:0x7f721bfaef6c
[ 780.912460][T23326] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 09 0e 03 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 4f 0e 03 00 48
[ 780.912471][T23326] RSP: 002b:00007f721ce98f90 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 780.912482][T23326] RAX: ffffffffffffffda RBX: 00007f721c225fa0 RCX: 00007f721bfaef6c
[ 780.912489][T23326] RDX: 000000000000000f RSI: 00007f721ce99020 RDI: 0000000000000004
[ 780.912565][T23326] RBP: 00007f721ce99010 R08: 0000000000000000 R09: 0000000000000000
[ 780.912571][T23326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 780.912578][T23326] R13: 00007f721c226038 R14: 00007f721c225fa0 R15: 00007f721ce79000
[ 780.912594][T23326] </TASK>
[ 780.926764][ C1] vkms_vblank_simulate: vblank timer overrun
[ 781.347774][ C1] vkms_vblank_simulate: vblank timer overrun
[ 781.459518][T18778] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 781.581352][T23338] i2c i2c-0: Invalid block write size 137
[ 781.612704][ C1] vkms_vblank_simulate: vblank timer overrun
[ 781.644898][T18778] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 781.738937][T23358] i2c i2c-0: Invalid block write size 137
[ 781.927901][T23374] i2c i2c-0: Invalid block write size 137
[ 781.939678][T18778] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 782.096488][T10230] Bluetooth: hci1: command tx timeout
[ 782.186013][T23290] chnl_net:caif_netlink_parms(): no params data found
[ 782.470356][T23290] bridge0: port 1(bridge_slave_0) entered blocking state
[ 782.476310][T23290] bridge0: port 1(bridge_slave_0) entered disabled state
[ 782.480034][T23290] bridge_slave_0: entered allmulticast mode
[ 782.482137][T23475] i2c i2c-0: Invalid block write size 96
[ 782.486497][T23290] bridge_slave_0: entered promiscuous mode
[ 782.487943][T23475] FAULT_INJECTION: forcing a failure.
[ 782.487943][T23475] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 782.487987][T23475] CPU: 2 UID: 0 PID: 23475 Comm: syz.3.4959 Not tainted 6.18.0 #1 PREEMPT(full)
[ 782.488009][T23475] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 782.488021][T23475] Call Trace:
[ 782.488029][T23475] <TASK>
[ 782.488036][T23475] dump_stack_lvl+0x180/0x1b0
[ 782.488070][T23475] should_fail_ex+0x520/0x650
[ 782.488095][T23475] _copy_to_user+0x32/0xd0
[ 782.488119][T23475] simple_read_from_buffer+0xcb/0x180
[ 782.488168][T23475] proc_fail_nth_read+0x18a/0x240
[ 782.488206][T23475] ? __pfx_proc_fail_nth_read+0x10/0x10
[ 782.488228][T23475] ? rw_verify_area+0xcf/0x6e0
[ 782.488249][T23475] ? __pfx_proc_fail_nth_read+0x10/0x10
[ 782.488271][T23475] vfs_read+0x1e6/0xc70
[ 782.488295][T23475] ? __pfx___mutex_lock+0x10/0x10
[ 782.488314][T23475] ? __pfx_vfs_read+0x10/0x10
[ 782.488334][T23475] ? __fget_files+0x1f1/0x3b0
[ 782.488360][T23475] ? __fget_files+0x1fb/0x3b0
[ 782.488387][T23475] ksys_read+0x121/0x240
[ 782.488409][T23475] ? __pfx_ksys_read+0x10/0x10
[ 782.488439][T23475] do_syscall_64+0xcb/0xfa0
[ 782.488468][T23475] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 782.488486][T23475] RIP: 0033:0x7fd8b9baef6c
[ 782.488502][T23475] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 09 0e 03 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 4f 0e 03 00 48
[ 782.488518][T23475] RSP: 002b:00007fd8baa0ef90 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 782.488537][T23475] RAX: ffffffffffffffda RBX: 00007fd8b9e25fa0 RCX: 00007fd8b9baef6c
[ 782.488549][T23475] RDX: 000000000000000f RSI: 00007fd8baa0f020 RDI: 0000000000000004
[ 782.492426][T23475] RBP: 00007fd8baa0f010 R08: 0000000000000000 R09: 0000000000000000
[ 782.492438][T23475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 782.492448][T23475] R13: 00007fd8b9e26038 R14: 00007fd8b9e25fa0 R15: 00007fd8ba9ef000
[ 782.492478][T23475] </TASK>
[ 782.674087][T23483] i2c i2c-0: Invalid block write size 137
[ 782.690733][T23290] bridge0: port 2(bridge_slave_1) entered blocking state
[ 782.771998][T23290] bridge0: port 2(bridge_slave_1) entered disabled state
[ 782.781661][T23290] bridge_slave_1: entered allmulticast mode
[ 782.817896][T23290] bridge_slave_1: entered promiscuous mode
[ 782.866033][T18778] bridge_slave_1: left allmulticast mode
[ 782.873119][T18778] bridge_slave_1: left promiscuous mode
[ 782.880173][T18778] bridge0: port 2(bridge_slave_1) entered disabled state
[ 782.939811][T18778] bridge_slave_0: left allmulticast mode
[ 782.950721][T18778] bridge_slave_0: left promiscuous mode
[ 782.959608][T18778] bridge0: port 1(bridge_slave_0) entered disabled state
[ 783.303097][T23514] i2c i2c-0: Invalid block write size 137
[ 783.657212][T23525] i2c i2c-0: Invalid block write size 137
[ 783.718533][T23530] i2c i2c-0: Invalid block write size 96
[ 783.732167][T18778] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 783.788430][T18778] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 783.814985][T18778] bond0 (unregistering): Released all slaves
[ 783.897077][T23290] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 783.905776][T23542] i2c i2c-0: Invalid block write size 137
[ 784.063866][T23290] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 784.079370][T23550] i2c i2c-0: Invalid block write size 137
[ 784.147467][T10230] Bluetooth: hci1: command tx timeout
[ 784.166811][T23561] i2c i2c-0: Invalid block write size 133
[ 784.250060][ C3] vkms_vblank_simulate: vblank timer overrun
[ 784.318018][T23574] i2c i2c-0: Invalid block write size 133
[ 784.318901][ C3] vkms_vblank_simulate: vblank timer overrun
[ 784.369149][T23575] i2c i2c-0: Invalid block write size 137
[ 784.572073][ C3] vkms_vblank_simulate: vblank timer overrun
[ 784.644803][ C3] vkms_vblank_simulate: vblank timer overrun
[ 784.658540][T23584] i2c i2c-0: Invalid block write size 137
[ 784.756386][ C3] vkms_vblank_simulate: vblank timer overrun
[ 784.789372][T23290] team0: Port device team_slave_0 added
[ 784.793340][ C3] vkms_vblank_simulate: vblank timer overrun
[ 784.911881][T23290] team0: Port device team_slave_1 added
[ 784.956055][T23606] i2c i2c-0: Invalid block write size 137
[ 784.983092][ C3] vkms_vblank_simulate: vblank timer overrun
[ 785.038058][T23631] i2c i2c-0: Invalid block write size 137
[ 785.196426][T23635] i2c i2c-0: Invalid block write size 137
[ 785.225310][T23290] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 785.229762][T23290] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 785.282358][T23290] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 785.329120][T23640] i2c i2c-0: Invalid block write size 137
[ 785.383293][T23290] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 785.396395][T23290] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 785.411967][T23290] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 785.500056][T18778] hsr_slave_0: left promiscuous mode
[ 785.508280][T18778] hsr_slave_1: left promiscuous mode
[ 785.514429][T18778] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 785.518505][T18778] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 785.528109][T23653] i2c i2c-0: Invalid block write size 137
[ 785.528656][T18778] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 785.544960][T18778] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 785.619108][T18778] veth1_macvtap: left promiscuous mode
[ 785.625142][T18778] veth0_macvtap: left promiscuous mode
[ 785.629657][T18778] veth1_vlan: left promiscuous mode
[ 785.636447][T18778] veth0_vlan: left promiscuous mode
[ 785.710132][ C3] vkms_vblank_simulate: vblank timer overrun
[ 785.823103][T23665] i2c i2c-0: Invalid block write size 137
[ 785.898500][T23667] i2c i2c-0: Invalid block write size 96
[ 786.016414][T23669] i2c i2c-0: Invalid block write size 137
[ 786.137452][ C3] vkms_vblank_simulate: vblank timer overrun
[ 786.225528][T10230] Bluetooth: hci1: command tx timeout
[ 786.344927][T23675] i2c i2c-0: Invalid block write size 96
[ 786.466689][ C3] vkms_vblank_simulate: vblank timer overrun
[ 786.640795][T23679] i2c i2c-0: Invalid block write size 137
[ 786.678313][ C3] vkms_vblank_simulate: vblank timer overrun
[ 786.850130][T23686] i2c i2c-0: Invalid block write size 96
[ 787.086274][T23693] i2c i2c-0: Invalid block write size 137
[ 787.433766][T18778] team0 (unregistering): Port device team_slave_1 removed
[ 787.492551][T18778] team0 (unregistering): Port device team_slave_0 removed
[ 787.579627][T23709] i2c i2c-0: Invalid block write size 137
[ 787.689910][T23713] i2c i2c-0: Invalid block write size 96
[ 787.709899][T23715] i2c i2c-0: Invalid block write size 137
[ 787.826188][T23662] warn_alloc: 3 callbacks suppressed
[ 787.826208][T23662] syz.1.5010: vmalloc error: size 3551232, failed to allocated page array size 6936, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 787.848303][T23662] CPU: 1 UID: 0 PID: 23662 Comm: syz.1.5010 Not tainted 6.18.0 #1 PREEMPT(full)
[ 787.848320][T23662] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 787.848327][T23662] Call Trace:
[ 787.848332][T23662] <TASK>
[ 787.848338][T23662] dump_stack_lvl+0x180/0x1b0
[ 787.848361][T23662] warn_alloc+0x211/0x360
[ 787.848376][T23662] ? __pfx_warn_alloc+0x10/0x10
[ 787.848385][T23662] ? rcu_is_watching+0x12/0xc0
[ 787.848399][T23662] ? __pfx_alloc_vmap_area+0x10/0x10
[ 787.848413][T23662] ? __get_vm_area_node+0x10c/0x340
[ 787.848431][T23662] ? drm_property_create_blob.part.0+0x34/0x320
[ 787.848447][T23662] ? __vmalloc_node_noprof+0xac/0xf0
[ 787.848464][T23662] __vmalloc_node_range_noprof+0xfaa/0x13b0
[ 787.848484][T23662] ? alloc_vmap_area+0x55c/0x2860
[ 787.848571][T23662] ? drm_property_create_blob.part.0+0x34/0x320
[ 787.848592][T23662] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 787.848607][T23662] ? __pfx_alloc_vmap_area+0x10/0x10
[ 787.848620][T23662] ? stack_trace_save+0x8e/0xc0
[ 787.848632][T23662] ? __get_vm_area_node+0x10c/0x340
[ 787.848650][T23662] ? drm_property_create_blob.part.0+0x34/0x320
[ 787.848664][T23662] __vmalloc_node_noprof+0xac/0xf0
[ 787.848693][T23662] ? drm_property_create_blob.part.0+0x34/0x320
[ 787.848713][T23662] __vmalloc_node_range_noprof+0x40d/0x13b0
[ 787.848740][T23662] ? do_raw_spin_lock+0x12b/0x2b0
[ 787.848765][T23662] ? drm_property_create_blob.part.0+0x34/0x320
[ 787.848785][T23662] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 787.848806][T23662] __kvmalloc_node_noprof+0x41f/0x9d0
[ 787.848820][T23662] ? drm_property_create_blob.part.0+0x34/0x320
[ 787.848836][T23662] ? drm_property_create_blob.part.0+0x34/0x320
[ 787.848853][T23662] ? drm_property_create_blob.part.0+0x34/0x320
[ 787.848868][T23662] drm_property_create_blob.part.0+0x34/0x320
[ 787.848885][T23662] drm_mode_createblob_ioctl+0x139/0x490
[ 787.848903][T23662] drm_ioctl_kernel+0x1ed/0x3e0
[ 787.848913][T23662] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 787.848928][T23662] ? __pfx_drm_ioctl_kernel+0x10/0x10
[ 787.848942][T23662] drm_ioctl+0x574/0xb90
[ 787.848953][T23662] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 787.848968][T23662] ? __pfx_drm_ioctl+0x10/0x10
[ 787.848979][T23662] ? hook_file_ioctl_common+0x146/0x3f0
[ 787.848997][T23662] ? __fget_files+0x1fb/0x3b0
[ 787.849011][T23662] ? __pfx_drm_ioctl+0x10/0x10
[ 787.849021][T23662] __x64_sys_ioctl+0x18f/0x210
[ 787.849032][T23662] do_syscall_64+0xcb/0xfa0
[ 787.849049][T23662] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 787.849061][T23662] RIP: 0033:0x7f721bfb059d
[ 787.849072][T23662] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 787.849082][T23662] RSP: 002b:00007f721ce98f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 787.849093][T23662] RAX: ffffffffffffffda RBX: 00007f721c225fa0 RCX: 00007f721bfb059d
[ 787.849100][T23662] RDX: 0000200000000000 RSI: 00000000c01064bd RDI: 0000000000000004
[ 787.849107][T23662] RBP: 00007f721c04e078 R08: 0000000000000000 R09: 0000000000000000
[ 787.849113][T23662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 787.849119][T23662] R13: 00007f721c226038 R14: 00007f721c225fa0 R15: 00007f721ce79000
[ 787.849133][T23662] </TASK>
[ 787.849138][T23662] Mem-Info:
[ 788.080426][T23662] active_anon:7941 inactive_anon:0 isolated_anon:0
[ 788.080426][T23662] active_file:3846 inactive_file:53002 isolated_file:0
[ 788.080426][T23662] unevictable:1768 dirty:2415 writeback:0
[ 788.080426][T23662] slab_reclaimable:12847 slab_unreclaimable:63898
[ 788.080426][T23662] mapped:27927 shmem:2801 pagetables:1619
[ 788.080426][T23662] sec_pagetables:0 bounce:0
[ 788.080426][T23662] kernel_misc_reclaimable:0
[ 788.080426][T23662] free:429900 free_pcp:7248 free_cma:0
[ 788.124574][T23662] Node 0 active_anon:13608kB inactive_anon:0kB active_file:10716kB inactive_file:60700kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:82092kB dirty:8528kB writeback:0kB shmem:5304kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5724kB pagetables:3700kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 788.165922][T23662] Node 1 active_anon:17988kB inactive_anon:0kB active_file:4668kB inactive_file:151312kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:29616kB dirty:1132kB writeback:4kB shmem:5900kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6544kB pagetables:2660kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 788.186516][T23662] Node 0 DMA free:15216kB boost:0kB min:452kB low:564kB high:676kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:144kB local_pcp:32kB free_cma:0kB
[ 788.217331][T23662] lowmem_reserve[]: 0 1176 1176 1176 1176
[ 788.223129][T23662] Node 0 DMA32 free:484912kB boost:0kB min:34836kB low:43544kB high:52252kB reserved_highatomic:0KB free_highatomic:0KB active_anon:13612kB inactive_anon:0kB active_file:10716kB inactive_file:60700kB unevictable:3536kB writepending:8592kB zspages:0kB present:2080772kB managed:1204832kB mlocked:0kB bounce:0kB free_pcp:14324kB local_pcp:136kB free_cma:0kB
[ 788.258698][T23662] lowmem_reserve[]: 0 0 0 0 0
[ 788.260819][T23662] Node 1 DMA32 free:973356kB boost:0kB min:29136kB low:36420kB high:43704kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048444kB managed:982908kB mlocked:0kB bounce:0kB free_pcp:9472kB local_pcp:7196kB free_cma:0kB
[ 788.288095][T23662] lowmem_reserve[]: 0 0 846 846 846
[ 788.291392][T23662] Node 1 Normal free:246828kB boost:0kB min:25680kB low:32100kB high:38520kB reserved_highatomic:0KB free_highatomic:0KB active_anon:17972kB inactive_anon:0kB active_file:4668kB inactive_file:151312kB unevictable:3536kB writepending:1132kB zspages:0kB present:1048576kB managed:866440kB mlocked:0kB bounce:0kB free_pcp:4208kB local_pcp:2664kB free_cma:0kB
[ 788.302802][T10230] Bluetooth: hci1: command tx timeout
[ 788.310462][T23662] lowmem_reserve[]: 0 0 0 0 0
[ 788.318611][T23662] Node 0 DMA: 3*4kB (U) 1*8kB (U) 4*16kB (U) 1*32kB (U) 4*64kB (U) 4*128kB (U) 4*256kB (U) 4*512kB (U) 5*1024kB (U) 1*2048kB (U) 1*4096kB (U) = 15220kB
[ 788.328244][T23662] Node 0 DMA32: 19*4kB (UME) 4*8kB (ME) 3*16kB (UM) 6*32kB (UME) 1*64kB (E) 1*128kB (U) 86*256kB (UE) 271*512kB (UM) 210*1024kB (UM) 45*2048kB (U) 4*4096kB (U) = 484892kB
[ 788.338529][T23662] Node 1 DMA32: 7*4kB (UM) 8*8kB (UM) 5*16kB (UM) 12*32kB (UM) 8*64kB (UM) 10*128kB (UM) 11*256kB (UM) 13*512kB (UM) 13*1024kB (UM) 11*2048kB (UM) 226*4096kB (UM) = 973356kB
[ 788.349368][T23662] Node 1 Normal: 119*4kB (UM) 80*8kB (UME) 15*16kB (UM) 16*32kB (UME) 20*64kB (ME) 189*128kB (UM) 207*256kB (UME) 111*512kB (UME) 73*1024kB (UME) 17*2048kB (UE) 0*4096kB = 246732kB
[ 788.359435][T23662] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 788.365006][T23662] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 788.369945][T23662] 59657 total pagecache pages
[ 788.372908][T23662] 0 pages in swap cache
[ 788.375354][T23662] Free swap = 124996kB
[ 788.377587][T23662] Total swap = 124996kB
[ 788.379906][T23662] 1048446 pages RAM
[ 788.382249][T23662] 0 pages HighMem/MovableOnly
[ 788.384199][T23662] 281061 pages reserved
[ 788.387737][T23662] 0 pages cma reserved
[ 788.737430][T23290] hsr_slave_0: entered promiscuous mode
[ 788.748741][T23290] hsr_slave_1: entered promiscuous mode
[ 788.763912][T23290] debugfs: 'hsr0' already exists in 'hsr'
[ 788.771252][T23290] Cannot create hsr debugfs directory
[ 790.097949][T23290] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 790.145049][T23290] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 790.185430][T23290] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 790.214329][T23290] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 790.513249][T23290] 8021q: adding VLAN 0 to HW filter on device bond0
[ 790.535242][T23290] 8021q: adding VLAN 0 to HW filter on device team0
[ 790.547113][ T7548] bridge0: port 1(bridge_slave_0) entered blocking state
[ 790.551149][ T7548] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 790.569813][ T7548] bridge0: port 2(bridge_slave_1) entered blocking state
[ 790.581260][ T7548] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 791.057375][T23290] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 791.135449][T23290] veth0_vlan: entered promiscuous mode
[ 791.154932][T23290] veth1_vlan: entered promiscuous mode
[ 791.203414][T23290] veth0_macvtap: entered promiscuous mode
[ 791.218979][T23290] veth1_macvtap: entered promiscuous mode
[ 791.268625][T23290] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 791.278117][T23290] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 791.305864][T22950] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 791.315611][T22950] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 791.319772][T22950] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 791.373268][T22950] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 791.594192][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 791.599057][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 791.798455][ T1041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 791.804041][ T1041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 791.840985][ C0] vkms_vblank_simulate: vblank timer overrun
[ 792.187707][ C0] vkms_vblank_simulate: vblank timer overrun
[ 792.278845][ C0] vkms_vblank_simulate: vblank timer overrun
[ 792.649156][T22675] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 792.678775][T22675] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 792.690098][T22675] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 792.709796][T23880] i2c i2c-0: Invalid block write size 96
[ 792.713811][T22675] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 792.740193][T22675] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 792.924056][T23893] i2c i2c-0: Invalid block write size 137
[ 792.985010][ C0] vkms_vblank_simulate: vblank timer overrun
[ 793.062386][T23906] i2c i2c-0: Invalid block write size 96
[ 793.085222][T23910] i2c i2c-0: Invalid block write size 96
[ 793.162478][ C0] vkms_vblank_simulate: vblank timer overrun
[ 793.308521][T23923] i2c i2c-0: Invalid block write size 137
[ 793.420409][T18778] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 793.500250][T23948] i2c i2c-0: Invalid block write size 137
[ 793.574718][T18778] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 793.610497][T23875] chnl_net:caif_netlink_parms(): no params data found
[ 793.687997][T18778] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 793.694915][T23989] i2c i2c-0: Invalid block write size 137
[ 793.813253][T18778] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 793.820063][T24016] i2c i2c-0: Invalid block write size 137
[ 793.889567][T24022] i2c i2c-0: Invalid block write size 96
[ 793.939126][T23875] bridge0: port 1(bridge_slave_0) entered blocking state
[ 793.957892][T23875] bridge0: port 1(bridge_slave_0) entered disabled state
[ 793.961566][T23875] bridge_slave_0: entered allmulticast mode
[ 793.977320][T23875] bridge_slave_0: entered promiscuous mode
[ 793.996640][T23875] bridge0: port 2(bridge_slave_1) entered blocking state
[ 794.009815][T23875] bridge0: port 2(bridge_slave_1) entered disabled state
[ 794.023783][T23875] bridge_slave_1: entered allmulticast mode
[ 794.029766][T23875] bridge_slave_1: entered promiscuous mode
[ 794.074450][T23875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 794.086116][T23875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 794.224427][T24079] i2c i2c-0: Invalid block write size 137
[ 794.249138][T23875] team0: Port device team_slave_0 added
[ 794.280987][T23875] team0: Port device team_slave_1 added
[ 794.292867][T18778] bridge_slave_1: left allmulticast mode
[ 794.298776][T18778] bridge_slave_1: left promiscuous mode
[ 794.308988][T18778] bridge0: port 2(bridge_slave_1) entered disabled state
[ 794.348012][T18778] bridge_slave_0: left allmulticast mode
[ 794.356011][T18778] bridge_slave_0: left promiscuous mode
[ 794.357050][T24090] i2c i2c-0: Invalid block write size 96
[ 794.380264][T18778] bridge0: port 1(bridge_slave_0) entered disabled state
[ 794.549506][T24100] i2c i2c-0: Invalid block write size 137
[ 794.768341][T24106] i2c i2c-0: Invalid block write size 96
[ 794.810876][T22675] Bluetooth: hci3: command tx timeout
[ 794.967400][T24113] i2c i2c-0: Invalid block write size 137
[ 795.215925][T24122] i2c i2c-0: Invalid block write size 137
[ 795.310307][T18778] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 795.319318][T18778] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 795.327095][T18778] bond0 (unregistering): Released all slaves
[ 795.417738][T24142] i2c i2c-0: Invalid block write size 137
[ 795.469135][T24144] i2c i2c-0: Invalid block write size 137
[ 795.542476][T23875] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 795.546934][T23875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 795.571326][T23875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 795.644873][T24151] i2c i2c-0: Invalid block write size 96
[ 795.678772][T23875] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 795.721598][T23875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 795.741243][T23875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 795.955347][T24187] i2c i2c-0: Invalid block write size 96
[ 796.036732][T18778] hsr_slave_0: left promiscuous mode
[ 796.067690][T18778] hsr_slave_1: left promiscuous mode
[ 796.101454][T18778] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 796.108986][T18778] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 796.170347][T18778] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 796.177095][T18778] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 796.259113][T18778] veth1_macvtap: left promiscuous mode
[ 796.268987][T18778] veth0_macvtap: left promiscuous mode
[ 796.284621][T18778] veth1_vlan: left promiscuous mode
[ 796.290467][T18778] veth0_vlan: left promiscuous mode
[ 796.437029][T24202] i2c i2c-0: Invalid block write size 137
[ 796.585484][T24204] i2c i2c-0: Invalid block write size 137
[ 796.674526][T24208] i2c i2c-0: Invalid block write size 96
[ 796.744766][T24214] i2c i2c-0: Invalid block write size 137
[ 796.835145][T24221] i2c i2c-0: Invalid block write size 96
[ 796.847511][T24222] i2c i2c-0: Invalid block write size 137
[ 796.861356][T24224] i2c i2c-0: Invalid block write size 137
[ 796.872398][T22675] Bluetooth: hci3: command tx timeout
[ 796.893370][T24226] i2c i2c-0: Invalid block write size 137
[ 796.929395][T24228] i2c i2c-0: Invalid block write size 96
[ 797.006413][T24236] i2c i2c-0: Invalid block write size 137
[ 797.064400][T24242] i2c i2c-0: Invalid block write size 96
[ 797.086650][T18778] team0 (unregistering): Port device team_slave_1 removed
[ 797.127715][T24247] i2c i2c-0: Invalid block write size 137
[ 797.169295][T18778] team0 (unregistering): Port device team_slave_0 removed
[ 797.171569][T24250] i2c i2c-0: Invalid block write size 137
[ 797.195397][T24252] i2c i2c-0: Invalid block write size 137
[ 797.258872][T24257] i2c i2c-0: Invalid block write size 96
[ 797.416546][T24265] i2c i2c-0: Invalid block write size 137
[ 797.507470][T24269] i2c i2c-0: Invalid block write size 137
[ 797.597219][T24273] i2c i2c-0: Invalid block write size 137
[ 798.016296][T24290] i2c i2c-0: Invalid block write size 137
[ 798.069925][T24292] i2c i2c-0: Invalid block write size 137
[ 798.127398][T24296] i2c i2c-0: Invalid block write size 137
[ 798.280211][T23875] hsr_slave_0: entered promiscuous mode
[ 798.285317][T23875] hsr_slave_1: entered promiscuous mode
[ 798.290967][T23875] debugfs: 'hsr0' already exists in 'hsr'
[ 798.302213][T23875] Cannot create hsr debugfs directory
[ 798.329389][T24308] i2c i2c-0: Invalid block write size 96
[ 798.339680][T24312] i2c i2c-0: Invalid block write size 96
[ 798.534987][T24377] i2c i2c-0: Invalid block write size 137
[ 798.652540][T24392] i2c i2c-0: Invalid block write size 137
[ 798.718449][T24396] i2c i2c-0: Invalid block write size 137
[ 798.852213][T24409] i2c i2c-0: Invalid block write size 137
[ 798.952362][T22675] Bluetooth: hci3: command tx timeout
[ 799.004329][ C0] vkms_vblank_simulate: vblank timer overrun
[ 799.100491][T24421] i2c i2c-0: Invalid block write size 137
[ 799.244005][T24438] i2c i2c-0: Invalid block write size 137
[ 799.295778][T24447] i2c i2c-0: Invalid block write size 137
[ 799.395399][T23875] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 799.406348][T23875] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 799.430667][T23875] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 799.469089][T23875] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 799.589501][T24476] i2c i2c-0: Invalid block write size 137
[ 799.628090][T23875] 8021q: adding VLAN 0 to HW filter on device bond0
[ 799.666400][T23875] 8021q: adding VLAN 0 to HW filter on device team0
[ 799.698764][ T7548] bridge0: port 1(bridge_slave_0) entered blocking state
[ 799.702356][ T7548] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 799.770803][ T7548] bridge0: port 2(bridge_slave_1) entered blocking state
[ 799.778547][ T7548] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 799.870814][T24487] i2c i2c-0: Invalid block write size 137
[ 799.952428][T24491] i2c i2c-0: Invalid block write size 96
[ 800.150766][T24501] i2c i2c-0: Invalid block write size 137
[ 800.320142][T24509] i2c i2c-0: Invalid block write size 137
[ 800.352334][T24511] i2c i2c-0: Invalid block write size 137
[ 800.407985][T23875] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 800.415932][T24513] i2c i2c-0: Invalid block write size 137
[ 800.490182][T24517] i2c i2c-0: Invalid block write size 137
[ 800.536419][T23875] veth0_vlan: entered promiscuous mode
[ 800.539872][T24519] i2c i2c-0: Invalid block write size 137
[ 800.557205][T23875] veth1_vlan: entered promiscuous mode
[ 800.578822][T24522] i2c i2c-0: Invalid block write size 96
[ 800.599619][T23875] veth0_macvtap: entered promiscuous mode
[ 800.619500][T23875] veth1_macvtap: entered promiscuous mode
[ 800.668734][T23875] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 800.688713][T23875] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 800.720507][T11333] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 800.727053][T11333] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 800.738497][T24529] i2c i2c-0: Invalid block write size 137
[ 800.741135][T11333] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 800.755216][T11333] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 800.839465][T24533] i2c i2c-0: Invalid block write size 137
[ 800.937971][T24540] i2c i2c-0: Invalid block write size 137
[ 800.985150][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 800.990354][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 800.998876][T24545] i2c i2c-0: Invalid block write size 137
[ 801.023132][T22675] Bluetooth: hci3: command tx timeout
[ 801.046921][T24549] i2c i2c-0: Invalid block write size 137
[ 801.249800][T24561] i2c i2c-0: Invalid block write size 96
[ 801.258345][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 801.266868][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 801.488349][T24567] i2c i2c-0: Invalid block write size 137
[ 801.495810][T24566] i2c i2c-0: Invalid block write size 137
[ 801.719214][T24579] i2c i2c-0: Invalid block write size 96
[ 802.055771][T24585] i2c i2c-0: Invalid block write size 137
[ 802.102409][T10230] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 802.117367][T10230] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 802.129129][T10230] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 802.142959][T24594] i2c i2c-0: Invalid block write size 137
[ 802.168155][T10230] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 802.182275][T10230] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 802.516264][T11333] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 802.595909][T24635] i2c i2c-0: Invalid block write size 96
[ 802.698060][T11333] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 802.820397][T24586] chnl_net:caif_netlink_parms(): no params data found
[ 802.896309][T11333] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 803.084847][T11333] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 803.193641][T24586] bridge0: port 1(bridge_slave_0) entered blocking state
[ 803.197818][T24586] bridge0: port 1(bridge_slave_0) entered disabled state
[ 803.202974][T24586] bridge_slave_0: entered allmulticast mode
[ 803.208195][T24586] bridge_slave_0: entered promiscuous mode
[ 803.222460][T24586] bridge0: port 2(bridge_slave_1) entered blocking state
[ 803.226837][T24586] bridge0: port 2(bridge_slave_1) entered disabled state
[ 803.230811][T24586] bridge_slave_1: entered allmulticast mode
[ 803.241039][T24586] bridge_slave_1: entered promiscuous mode
[ 803.332791][T24586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 803.344936][T24586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 803.400281][T24586] team0: Port device team_slave_0 added
[ 803.407197][T24586] team0: Port device team_slave_1 added
[ 803.415744][T11333] bridge_slave_1: left allmulticast mode
[ 803.418801][T11333] bridge_slave_1: left promiscuous mode
[ 803.422889][T11333] bridge0: port 2(bridge_slave_1) entered disabled state
[ 803.434895][T11333] bridge_slave_0: left allmulticast mode
[ 803.438616][T11333] bridge_slave_0: left promiscuous mode
[ 803.442376][T11333] bridge0: port 1(bridge_slave_0) entered disabled state
[ 803.706494][T24772] i2c i2c-0: Invalid block write size 137
[ 803.777282][T24776] i2c i2c-0: Invalid block write size 96
[ 803.918457][T24781] i2c i2c-0: Invalid block write size 96
[ 803.988621][T24784] i2c i2c-0: Invalid block write size 137
[ 804.106381][T11333] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 804.145962][T11333] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 804.157041][T11333] bond0 (unregistering): Released all slaves
[ 804.223491][T10230] Bluetooth: hci2: command tx timeout
[ 804.264813][T24804] i2c i2c-0: Invalid block write size 137
[ 804.283039][T24806] i2c i2c-0: Invalid block write size 137
[ 804.323230][T24586] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 804.340067][T24586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 804.375426][T24586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 804.396026][T24586] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 804.407558][T24586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 804.425946][T24586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 804.540338][T24827] i2c i2c-0: Invalid block write size 96
[ 804.606195][T24832] i2c i2c-0: Invalid block write size 96
[ 804.732135][T24840] i2c i2c-0: Invalid block write size 137
[ 804.926933][T24586] hsr_slave_0: entered promiscuous mode
[ 804.939481][T24586] hsr_slave_1: entered promiscuous mode
[ 804.947997][T24586] debugfs: 'hsr0' already exists in 'hsr'
[ 804.959326][T24586] Cannot create hsr debugfs directory
[ 805.029596][T24877] i2c i2c-0: Invalid block write size 96
[ 805.338640][ C0] vkms_vblank_simulate: vblank timer overrun
[ 805.485363][T11333] hsr_slave_0: left promiscuous mode
[ 805.497825][T11333] hsr_slave_1: left promiscuous mode
[ 805.506971][T11333] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 805.511331][T11333] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 805.520774][T11333] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 805.524563][T11333] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 805.555230][T11333] veth1_macvtap: left promiscuous mode
[ 805.559197][T11333] veth0_macvtap: left promiscuous mode
[ 805.563455][T11333] veth1_vlan: left promiscuous mode
[ 805.567118][T11333] veth0_vlan: left promiscuous mode
[ 806.036424][T11333] team0 (unregistering): Port device team_slave_1 removed
[ 806.061135][T11333] team0 (unregistering): Port device team_slave_0 removed
[ 806.302614][T10230] Bluetooth: hci2: command tx timeout
[ 806.888533][T24586] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 806.899260][T24586] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 806.928419][T24586] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 806.939369][T24586] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 807.025988][T24586] 8021q: adding VLAN 0 to HW filter on device bond0
[ 807.041041][T24586] 8021q: adding VLAN 0 to HW filter on device team0
[ 807.053389][ T66] bridge0: port 1(bridge_slave_0) entered blocking state
[ 807.058976][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 807.075972][ T66] bridge0: port 2(bridge_slave_1) entered blocking state
[ 807.079300][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 807.312469][T24586] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 807.391255][T24586] veth0_vlan: entered promiscuous mode
[ 807.414615][T24586] veth1_vlan: entered promiscuous mode
[ 807.459093][T24586] veth0_macvtap: entered promiscuous mode
[ 807.467306][T24586] veth1_macvtap: entered promiscuous mode
[ 807.489423][T24586] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 807.501226][T24586] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 807.524695][T18778] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 807.528424][T18778] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 807.536986][T18778] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 807.551281][T18778] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 807.662991][ T3501] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 807.671632][ T3501] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 807.700990][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 807.709443][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 807.815192][T25006] i2c i2c-0: Invalid block write size 137
[ 807.820612][T25007] i2c i2c-0: Invalid block write size 137
[ 807.939686][ C0] vkms_vblank_simulate: vblank timer overrun
[ 808.151696][T25026] i2c i2c-0: Invalid block write size 137
[ 808.199736][T25033] i2c i2c-0: Invalid block write size 137
[ 808.249939][T25038] i2c i2c-0: Invalid block write size 137
[ 808.257050][T25039] i2c i2c-0: Invalid block write size 137
[ 808.382928][T10230] Bluetooth: hci2: command tx timeout
[ 808.462595][T25058] i2c i2c-0: Invalid block write size 137
[ 808.516141][T25060] i2c i2c-0: Invalid block write size 137
[ 808.621316][T25076] i2c i2c-0: Invalid block write size 137
[ 808.679967][T25082] i2c i2c-0: Invalid block write size 96
[ 809.091747][ C0] vkms_vblank_simulate: vblank timer overrun
[ 809.518796][T25097] i2c i2c-0: Invalid block write size 137
[ 809.563410][T25098] i2c i2c-0: Invalid block write size 137
[ 810.010414][T25128] i2c i2c-0: Invalid block write size 96
[ 810.127959][T25133] i2c i2c-0: Invalid block write size 96
[ 810.251922][T25136] i2c i2c-0: Invalid block write size 96
[ 810.376973][ C0] vkms_vblank_simulate: vblank timer overrun
[ 810.482780][T10230] Bluetooth: hci2: command tx timeout
[ 811.205918][T25152] i2c i2c-0: Invalid block write size 137
[ 811.341161][T25151] i2c i2c-0: Invalid block write size 137
[ 811.746303][T25166] i2c i2c-0: Invalid block write size 137
[ 812.789130][ C0] vkms_vblank_simulate: vblank timer overrun
[ 812.807062][T25194] i2c i2c-0: Invalid block write size 137
[ 812.893139][T25196] i2c i2c-0: Invalid block write size 137
[ 813.066925][ C0] vkms_vblank_simulate: vblank timer overrun
[ 813.097868][T25204] i2c i2c-0: Invalid block write size 96
[ 813.151099][T25115] warn_alloc: 3 callbacks suppressed
[ 813.151164][T25115] syz.0.5288: vmalloc error: size 3551232, failed to allocated page array size 6936, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null)
[ 813.152900][ C0] vkms_vblank_simulate: vblank timer overrun
[ 813.155396][T25115] ,cpuset=/,mems_allowed=0-1
[ 813.176165][T25115] CPU: 2 UID: 0 PID: 25115 Comm: syz.0.5288 Not tainted 6.18.0 #1 PREEMPT(full)
[ 813.176194][T25115] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 813.176257][T25115] Call Trace:
[ 813.176320][T25115] <TASK>
[ 813.176373][T25115] dump_stack_lvl+0x180/0x1b0
[ 813.177828][T25115] warn_alloc+0x211/0x360
[ 813.178029][T25115] ? __pfx_warn_alloc+0x10/0x10
[ 813.178046][T25115] ? rcu_is_watching+0x12/0xc0
[ 813.178175][T25115] ? __pfx_alloc_vmap_area+0x10/0x10
[ 813.178234][T25115] ? __get_vm_area_node+0x10c/0x340
[ 813.178262][T25115] ? drm_property_create_blob.part.0+0x34/0x320
[ 813.178401][T25115] ? __vmalloc_node_noprof+0xac/0xf0
[ 813.178429][T25115] __vmalloc_node_range_noprof+0xfaa/0x13b0
[ 813.178458][T25115] ? alloc_vmap_area+0x55c/0x2860
[ 813.178479][T25115] ? drm_property_create_blob.part.0+0x34/0x320
[ 813.178508][T25115] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 813.178532][T25115] ? __pfx_alloc_vmap_area+0x10/0x10
[ 813.178553][T25115] ? stack_trace_save+0x8e/0xc0
[ 813.178719][T25115] ? __get_vm_area_node+0x10c/0x340
[ 813.178748][T25115] ? drm_property_create_blob.part.0+0x34/0x320
[ 813.178770][T25115] __vmalloc_node_noprof+0xac/0xf0
[ 813.178794][T25115] ? drm_property_create_blob.part.0+0x34/0x320
[ 813.178820][T25115] __vmalloc_node_range_noprof+0x40d/0x13b0
[ 813.178847][T25115] ? do_raw_spin_lock+0x12b/0x2b0
[ 813.178902][T25115] ? drm_property_create_blob.part.0+0x34/0x320
[ 813.178933][T25115] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 813.178969][T25115] __kvmalloc_node_noprof+0x41f/0x9d0
[ 813.179003][T25115] ? drm_property_create_blob.part.0+0x34/0x320
[ 813.179028][T25115] ? drm_property_create_blob.part.0+0x34/0x320
[ 813.179057][T25115] ? drm_property_create_blob.part.0+0x34/0x320
[ 813.179080][T25115] drm_property_create_blob.part.0+0x34/0x320
[ 813.179109][T25115] drm_mode_createblob_ioctl+0x139/0x490
[ 813.179151][T25115] drm_ioctl_kernel+0x1ed/0x3e0
[ 813.179181][T25115] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 813.179207][T25115] ? __pfx_drm_ioctl_kernel+0x10/0x10
[ 813.179229][T25115] drm_ioctl+0x574/0xb90
[ 813.179268][T25115] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 813.179293][T25115] ? __pfx_drm_ioctl+0x10/0x10
[ 813.179313][T25115] ? hook_file_ioctl_common+0x146/0x3f0
[ 813.179457][T25115] ? __fget_files+0x1fb/0x3b0
[ 813.179529][T25115] ? __pfx_drm_ioctl+0x10/0x10
[ 813.179546][T25115] __x64_sys_ioctl+0x18f/0x210
[ 813.179603][T25115] do_syscall_64+0xcb/0xfa0
[ 813.179682][T25115] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 813.179747][T25115] RIP: 0033:0x7fd982bb059d
[ 813.179813][T25115] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 813.179832][T25115] RSP: 002b:00007fd983a8df98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 813.180064][T25115] RAX: ffffffffffffffda RBX: 00007fd982e25fa0 RCX: 00007fd982bb059d
[ 813.180078][T25115] RDX: 0000200000000000 RSI: 00000000c01064bd RDI: 0000000000000004
[ 813.180091][T25115] RBP: 00007fd982c4e078 R08: 0000000000000000 R09: 0000000000000000
[ 813.180104][T25115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 813.180349][T25115] R13: 00007fd982e26038 R14: 00007fd982e25fa0 R15: 00007fd983a6e000
[ 813.180378][T25115] </TASK>
[ 813.180403][T25115] Mem-Info:
[ 813.219885][ C0] vkms_vblank_simulate: vblank timer overrun
[ 813.222482][T25115] active_anon:6959 inactive_anon:0 isolated_anon:0
[ 813.222482][T25115] active_file:3974 inactive_file:53052 isolated_file:0
[ 813.222482][T25115] unevictable:1768 dirty:2432 writeback:2
[ 813.222482][T25115] slab_reclaimable:12985 slab_unreclaimable:64857
[ 813.222482][T25115] mapped:27988 shmem:2800 pagetables:1474
[ 813.222482][T25115] sec_pagetables:0 bounce:0
[ 813.222482][T25115] kernel_misc_reclaimable:0
[ 813.222482][T25115] free:427525 free_pcp:9694 free_cma:0
[ 813.559225][T25218] i2c i2c-0: Invalid block write size 137
[ 813.568275][T25115] Node 0 active_anon:11680kB inactive_anon:0kB active_file:11056kB inactive_file:60804kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:69932kB dirty:8816kB writeback:0kB shmem:5296kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5596kB pagetables:3184kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 813.649628][T25220] i2c i2c-0: Invalid block write size 137
[ 813.657250][T25115] Node 1 active_anon:16436kB inactive_anon:0kB active_file:4840kB inactive_file:151420kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:42040kB dirty:1076kB writeback:0kB shmem:5904kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6616kB pagetables:3252kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 813.720269][T25115] Node 0 DMA free:15280kB boost:0kB min:452kB low:564kB high:676kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:76kB local_pcp:64kB free_cma:0kB
[ 813.774236][T25115] lowmem_reserve[]: 0 1176 1176 1176 1176
[ 813.780386][T25115] Node 0 DMA32 free:634828kB boost:0kB min:34836kB low:43544kB high:52252kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11680kB inactive_anon:0kB active_file:11056kB inactive_file:60804kB unevictable:3536kB writepending:8816kB zspages:0kB present:2080772kB managed:1204832kB mlocked:0kB bounce:0kB free_pcp:6720kB local_pcp:2468kB free_cma:0kB
[ 813.818041][T25224] i2c i2c-0: Invalid block write size 137
[ 813.837194][ C0] vkms_vblank_simulate: vblank timer overrun
[ 813.870993][T25115] lowmem_reserve[]: 0 0 0 0 0
[ 813.878416][T25115] Node 1 DMA32 free:959348kB boost:0kB min:29136kB low:36420kB high:43704kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048444kB managed:982908kB mlocked:0kB bounce:0kB free_pcp:23480kB local_pcp:5900kB free_cma:0kB
[ 813.971745][T25115] lowmem_reserve[]: 0 0 846 846 846
[ 813.977859][T25115] Node 1 Normal free:100532kB boost:0kB min:25680kB low:32100kB high:38520kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16336kB inactive_anon:0kB active_file:4840kB inactive_file:151420kB unevictable:3536kB writepending:1076kB zspages:0kB present:1048576kB managed:866440kB mlocked:0kB bounce:0kB free_pcp:8460kB local_pcp:88kB free_cma:0kB
[ 814.006724][T25115] lowmem_reserve[]: 0 0 0 0 0
[ 814.011504][T25115] Node 0 DMA: 1*4kB (U) 0*8kB 1*16kB (U) 1*32kB (U) 2*64kB (U) 2*128kB (U) 2*256kB (U) 2*512kB (U) 3*1024kB (U) 3*2048kB (U) 1*4096kB (U) = 15284kB
[ 814.033239][T25115] Node 0 DMA32: 261*4kB (UME) 174*8kB (UME) 45*16kB (UM) 20*32kB (ME) 29*64kB (UME) 401*128kB (UME) 356*256kB (UME) 294*512kB (UME) 218*1024kB (UME) 47*2048kB (UE) 4*4096kB (U) = 634516kB
[ 814.048529][T25231] i2c i2c-0: Invalid block write size 96
[ 814.053886][T25115] Node 1 DMA32: 3*4kB (UM) 7*8kB (UM) 5*16kB (UM) 11*32kB (UM) 10*64kB (UM) 12*128kB (UM) 11*256kB (UM) 7*512kB (UM) 10*1024kB (UM) 11*2048kB (UM) 224*4096kB (UM) = 959348kB
[ 814.071700][T25115] Node 1 Normal: 274*4kB (UME) 115*8kB (UME) 28*16kB (UME) 15*32kB (UME) 7*64kB (UME) 10*128kB (UME) 6*256kB (UM) 12*512kB (UME) 76*1024kB (UME) 5*2048kB (U) 0*4096kB = 100416kB
[ 814.097775][T25115] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 814.112534][T25115] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 814.127288][T25115] 59832 total pagecache pages
[ 814.135734][T25115] 0 pages in swap cache
[ 814.142985][T25115] Free swap = 124996kB
[ 814.150798][T25115] Total swap = 124996kB
[ 814.155722][T25115] 1048446 pages RAM
[ 814.161342][T25115] 0 pages HighMem/MovableOnly
[ 814.173142][T25115] 281061 pages reserved
[ 814.175145][T25115] 0 pages cma reserved
[ 814.359461][T25245] i2c i2c-0: Invalid block write size 137
[ 814.404400][T25250] i2c i2c-0: Invalid block write size 137
[ 814.463765][T25252] i2c i2c-0: Invalid block write size 137
[ 814.501247][T25254] i2c i2c-0: Invalid block write size 137
[ 814.581200][T25258] i2c i2c-0: Invalid block write size 96
[ 815.327364][T25275] i2c i2c-0: Invalid block write size 137
[ 815.351506][T25273] i2c i2c-0: Invalid block write size 134
[ 815.519080][T25281] i2c i2c-0: Invalid block write size 137
[ 815.579502][T25283] i2c i2c-0: Invalid block write size 137
[ 815.697972][T25289] i2c i2c-0: Invalid block write size 96
[ 816.135849][T25307] i2c i2c-0: Invalid block write size 137
[ 816.249268][T25309] FAULT_INJECTION: forcing a failure.
[ 816.249268][T25309] name failslab, interval 1, probability 0, space 0, times 0
[ 816.284389][T25309] CPU: 2 UID: 0 PID: 25309 Comm: syz.1.5371 Not tainted 6.18.0 #1 PREEMPT(full)
[ 816.284418][T25309] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 816.284454][T25309] Call Trace:
[ 816.284490][T25309] <TASK>
[ 816.284521][T25309] dump_stack_lvl+0x180/0x1b0
[ 816.285001][T25309] should_fail_ex+0x520/0x650
[ 816.285216][T25309] ? tomoyo_realpath_from_path+0xc3/0x600
[ 816.285302][T25309] should_failslab+0xc2/0x120
[ 816.285445][T25309] __kmalloc_noprof+0xdc/0x8c0
[ 816.285715][T25309] ? kfree+0x3b1/0x6c0
[ 816.285742][T25309] ? tomoyo_realpath_from_path+0xc3/0x600
[ 816.285767][T25309] tomoyo_realpath_from_path+0xc3/0x600
[ 816.285796][T25309] ? tomoyo_profile+0x46/0x60
[ 816.285841][T25309] tomoyo_path_number_perm+0x221/0x550
[ 816.285860][T25309] ? tomoyo_path_number_perm+0x213/0x550
[ 816.285882][T25309] ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 816.285902][T25309] ? proc_fail_nth_write+0x97/0x220
[ 816.285987][T25309] ? hook_file_ioctl_common+0x146/0x3f0
[ 816.286039][T25309] ? __fget_files+0x1f1/0x3b0
[ 816.286103][T25309] ? __fget_files+0x1fb/0x3b0
[ 816.286147][T25309] security_file_ioctl+0x9f/0x260
[ 816.286210][T25309] __x64_sys_ioctl+0xb7/0x210
[ 816.286240][T25309] do_syscall_64+0xcb/0xfa0
[ 816.286314][T25309] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 816.286395][T25309] RIP: 0033:0x7f4e641b059d
[ 816.286431][T25309] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 816.286465][T25309] RSP: 002b:00007f4e64fe5f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 816.286524][T25309] RAX: ffffffffffffffda RBX: 00007f4e64425fa0 RCX: 00007f4e641b059d
[ 816.286536][T25309] RDX: 0000200000000cc0 RSI: 00000000c018643a RDI: 0000000000000005
[ 816.286546][T25309] RBP: 00007f4e64fe6010 R08: 0000000000000000 R09: 0000000000000000
[ 816.286556][T25309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 816.286566][T25309] R13: 00007f4e64426038 R14: 00007f4e64425fa0 R15: 00007f4e64fc6000
[ 816.286674][T25309] </TASK>
[ 816.286742][T25309] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 816.436388][T25319] i2c i2c-0: Invalid block write size 137
[ 816.552035][T25317] i2c i2c-0: Invalid block write size 137
[ 817.083964][T25336] i2c i2c-0: Invalid block write size 137
[ 817.293736][T25341] i2c i2c-0: Invalid block write size 137
[ 817.312001][T25340] i2c i2c-0: Invalid block write size 137
[ 817.615178][T25348] i2c i2c-0: Invalid block write size 96
[ 818.258314][T25363] i2c i2c-0: Invalid block write size 137
[ 818.602435][T25371] i2c i2c-0: Invalid block write size 96
[ 818.861276][T25376] i2c i2c-0: Invalid block write size 96
[ 818.993189][T25381] i2c i2c-0: Invalid block write size 137
[ 819.222332][T25387] i2c i2c-0: Invalid block write size 137
[ 819.566890][T25397] i2c i2c-0: Invalid block write size 96
[ 819.695096][T25401] i2c i2c-0: Invalid block write size 137
[ 819.823058][T25405] i2c i2c-0: Invalid block write size 137
[ 820.144209][T25411] i2c i2c-0: Invalid block write size 137
[ 820.176751][T25413] i2c i2c-0: Invalid block write size 137
[ 820.345204][T25417] i2c i2c-0: Invalid block write size 137
[ 820.477422][T25421] i2c i2c-0: Invalid block write size 96
[ 820.632168][T25424] i2c i2c-0: Invalid block write size 137
[ 820.728289][T25427] i2c i2c-0: Invalid block write size 96
[ 820.820622][T25431] i2c i2c-0: Invalid block write size 137
[ 821.365921][T25448] i2c i2c-0: Invalid block write size 137
[ 821.537321][T25452] i2c i2c-0: Invalid block write size 137
[ 821.798701][T25464] i2c i2c-0: Invalid block write size 96
[ 821.886875][T25468] i2c i2c-0: Invalid block write size 137
[ 822.018816][T25474] i2c i2c-0: Invalid block write size 137
[ 822.518979][T25477] i2c i2c-0: Invalid block write size 137
[ 822.711388][T25490] i2c i2c-0: Invalid block write size 137
[ 822.718167][T25491] i2c i2c-0: Invalid block write size 96
[ 822.748255][T25493] i2c i2c-0: Invalid block write size 137
[ 822.983469][T25507] i2c i2c-0: Invalid block write size 137
[ 823.149027][T25519] i2c i2c-0: Invalid block write size 96
[ 823.211170][T25521] i2c i2c-0: Invalid block write size 137
[ 823.307686][T25527] i2c i2c-0: Invalid block write size 96
[ 823.330286][T25529] i2c i2c-0: Invalid block write size 137
[ 823.501188][T25540] i2c i2c-0: Invalid block write size 137
[ 823.844048][T25558] i2c i2c-0: Invalid block write size 96
[ 823.934540][T25565] i2c i2c-0: Invalid block write size 137
[ 824.126413][T25480] warn_alloc: 5 callbacks suppressed
[ 824.126471][T25480] syz.0.5447: vmalloc error: size 261324800, failed to allocated page array size 510400, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 824.145313][T25480] CPU: 3 UID: 0 PID: 25480 Comm: syz.0.5447 Not tainted 6.18.0 #1 PREEMPT(full)
[ 824.145340][T25480] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 824.145353][T25480] Call Trace:
[ 824.145361][T25480] <TASK>
[ 824.145427][T25480] dump_stack_lvl+0x180/0x1b0
[ 824.145463][T25480] warn_alloc+0x211/0x360
[ 824.145514][T25480] ? __pfx_warn_alloc+0x10/0x10
[ 824.145536][T25480] ? __pfx_alloc_vmap_area+0x10/0x10
[ 824.145630][T25480] ? __get_vm_area_node+0x10c/0x340
[ 824.145664][T25480] ? drm_property_create_blob.part.0+0x34/0x320
[ 824.145845][T25480] ? __vmalloc_node_noprof+0xac/0xf0
[ 824.145879][T25480] __vmalloc_node_range_noprof+0xfaa/0x13b0
[ 824.145918][T25480] ? drm_property_create_blob.part.0+0x34/0x320
[ 824.145953][T25480] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 824.145993][T25480] __kvmalloc_node_noprof+0x41f/0x9d0
[ 824.146018][T25480] ? drm_property_create_blob.part.0+0x34/0x320
[ 824.146046][T25480] ? drm_property_create_blob.part.0+0x34/0x320
[ 824.146087][T25480] ? drm_property_create_blob.part.0+0x34/0x320
[ 824.146129][T25480] drm_property_create_blob.part.0+0x34/0x320
[ 824.146159][T25480] drm_mode_createblob_ioctl+0x139/0x490
[ 824.146188][T25480] drm_ioctl_kernel+0x1ed/0x3e0
[ 824.146216][T25480] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 824.146242][T25480] ? __pfx_drm_ioctl_kernel+0x10/0x10
[ 824.146266][T25480] drm_ioctl+0x574/0xb90
[ 824.146283][T25480] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 824.146306][T25480] ? __pfx_drm_ioctl+0x10/0x10
[ 824.146323][T25480] ? hook_file_ioctl_common+0x146/0x3f0
[ 824.146352][T25480] ? __fget_files+0x1fb/0x3b0
[ 824.146376][T25480] ? __pfx_drm_ioctl+0x10/0x10
[ 824.146394][T25480] __x64_sys_ioctl+0x18f/0x210
[ 824.146415][T25480] do_syscall_64+0xcb/0xfa0
[ 824.146446][T25480] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 824.146466][T25480] RIP: 0033:0x7fd982bb059d
[ 824.146483][T25480] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 824.146501][T25480] RSP: 002b:00007fd983a8df98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 824.146520][T25480] RAX: ffffffffffffffda RBX: 00007fd982e25fa0 RCX: 00007fd982bb059d
[ 824.146532][T25480] RDX: 0000200000000100 RSI: 00000000c01064bd RDI: 0000000000000009
[ 824.146544][T25480] RBP: 00007fd982c4e078 R08: 0000000000000000 R09: 0000000000000000
[ 824.146554][T25480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 824.146578][T25480] R13: 00007fd982e26038 R14: 00007fd982e25fa0 R15: 00007fd983a6e000
[ 824.146645][T25480] </TASK>
[ 824.146783][T25480] Mem-Info:
[ 824.195921][T25584] i2c i2c-0: Invalid block write size 137
[ 824.209244][T25480] active_anon:7008 inactive_anon:0 isolated_anon:0
[ 824.209244][T25480] active_file:4112 inactive_file:53070 isolated_file:0
[ 824.209244][T25480] unevictable:1768 dirty:2623 writeback:0
[ 824.209244][T25480] slab_reclaimable:13025 slab_unreclaimable:64917
[ 824.209244][T25480] mapped:28243 shmem:2800 pagetables:1568
[ 824.209244][T25480] sec_pagetables:0 bounce:0
[ 824.209244][T25480] kernel_misc_reclaimable:0
[ 824.209244][T25480] free:475092 free_pcp:9552 free_cma:0
[ 824.251317][T25588] i2c i2c-0: Invalid block write size 137
[ 824.253442][T25480] Node 0 active_anon:11924kB inactive_anon:0kB active_file:11280kB inactive_file:60840kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:70344kB dirty:8800kB writeback:0kB shmem:5300kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5628kB pagetables:3540kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 824.265718][T25590] i2c i2c-0: Invalid block write size 96
[ 824.355423][T25597] i2c i2c-0: Invalid block write size 137
[ 824.372735][T25480] Node 1 active_anon:16072kB inactive_anon:0kB active_file:5168kB inactive_file:151440kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:42680kB dirty:1712kB writeback:0kB shmem:5900kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6532kB pagetables:2664kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 824.372848][T25480] Node 0 DMA free:15284kB boost:0kB min:452kB low:564kB high:676kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:76kB local_pcp:0kB free_cma:0kB
[ 824.372913][T25480] lowmem_reserve[]: 0 1176 1176 1176 1176
[ 824.372990][T25480] Node 0 DMA32 free:656844kB boost:0kB min:34836kB low:43544kB high:52252kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11924kB inactive_anon:0kB active_file:11280kB inactive_file:60840kB unevictable:3536kB writepending:8800kB zspages:0kB present:2080772kB managed:1204832kB mlocked:0kB bounce:0kB free_pcp:11716kB local_pcp:780kB free_cma:0kB
[ 824.373048][T25480] lowmem_reserve[]: 0 0 0 0 0
[ 824.373103][T25480] Node 1 DMA32 free:968192kB boost:0kB min:29136kB low:36420kB high:43704kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048444kB managed:982908kB mlocked:0kB bounce:0kB free_pcp:14636kB local_pcp:4632kB free_cma:0kB
[ 824.373161][T25480] lowmem_reserve[]: 0 0 846 846 846
[ 824.373202][T25480] Node 1 Normal free:259344kB boost:0kB min:25680kB low:32100kB high:38520kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16072kB inactive_anon:0kB active_file:5168kB inactive_file:151440kB unevictable:3536kB writepending:1712kB zspages:0kB present:1048576kB managed:866440kB mlocked:0kB bounce:0kB free_pcp:12156kB local_pcp:5440kB free_cma:0kB
[ 824.373260][T25480] lowmem_reserve[]: 0 0 0 0 0
[ 824.373299][T25480] Node 0 DMA: 1*4kB (U) 0*8kB 1*16kB (U) 1*32kB (U) 2*64kB (U) 2*128kB (U) 2*256kB (U) 2*512kB (U) 3*1024kB (U) 3*2048kB (U) 1*4096kB (U) = 15284kB
[ 824.373467][T25480] Node 0 DMA32: 1336*4kB (UME) 689*8kB (UME) 280*16kB (UM) 115*32kB (UME) 291*64kB (UME) 354*128kB (UM) 343*256kB (UE) 293*512kB (UME) 218*1024kB (UME) 47*2048kB (UE) 4*4096kB (U) = 656648kB
[ 824.373659][T25480] Node 1 DMA32: 4*4kB (UM) 6*8kB (UM) 6*16kB (UM) 9*32kB (UM) 7*64kB (UM) 11*128kB (UM) 11*256kB (UM) 9*512kB (UM) 8*1024kB (UM) 12*2048kB (UM) 226*4096kB (UM) = 968192kB
[ 824.373886][T25480] Node 1 Normal: 191*4kB (UM) 132*8kB (UME) 40*16kB (UME) 100*32kB (UME) 127*64kB (UME) 334*128kB (UME) 210*256kB (UM) 119*512kB (UME) 70*1024kB (UME) 8*2048kB (U) 0*4096kB = 259292kB
[ 824.374182][T25480] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 824.374233][T25480] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 824.374249][T25480] 59986 total pagecache pages
[ 824.374257][T25480] 0 pages in swap cache
[ 824.374288][T25480] Free swap = 124996kB
[ 824.374297][T25480] Total swap = 124996kB
[ 824.374306][T25480] 1048446 pages RAM
[ 824.374314][T25480] 0 pages HighMem/MovableOnly
[ 824.374322][T25480] 281061 pages reserved
[ 824.374330][T25480] 0 pages cma reserved
[ 824.389379][ C2] vkms_vblank_simulate: vblank timer overrun
[ 824.570887][ C2] vkms_vblank_simulate: vblank timer overrun
[ 824.617730][ C2] vkms_vblank_simulate: vblank timer overrun
[ 824.655309][ C2] vkms_vblank_simulate: vblank timer overrun
[ 824.712028][ C2] vkms_vblank_simulate: vblank timer overrun
[ 824.754954][ C2] vkms_vblank_simulate: vblank timer overrun
[ 824.793886][ C2] vkms_vblank_simulate: vblank timer overrun
[ 824.823780][ C2] vkms_vblank_simulate: vblank timer overrun
[ 824.900881][ C2] vkms_vblank_simulate: vblank timer overrun
[ 824.976891][T25598] i2c i2c-0: Invalid block write size 137
[ 825.215171][T25621] i2c i2c-0: Invalid block write size 96
[ 825.351361][T25629] i2c i2c-0: Invalid block write size 137
[ 825.403871][ C2] vkms_vblank_simulate: vblank timer overrun
[ 825.486471][T25637] i2c i2c-0: Invalid block write size 137
[ 825.747190][T25652] i2c i2c-0: Invalid block write size 96
[ 825.816222][T25654] i2c i2c-0: Invalid block write size 137
[ 825.847254][ C2] vkms_vblank_simulate: vblank timer overrun
[ 825.986770][T25663] i2c i2c-0: Invalid block write size 96
[ 826.009964][T25665] i2c i2c-0: Invalid block write size 137
[ 826.334271][ C2] vkms_vblank_simulate: vblank timer overrun
[ 826.341144][T25678] i2c i2c-0: Invalid block write size 137
[ 826.380324][T25685] i2c i2c-0: Invalid block write size 137
[ 826.386701][T25687] i2c i2c-0: Invalid block write size 96
[ 826.563919][T25693] i2c i2c-0: Invalid block write size 137
[ 826.835921][T25716] i2c i2c-0: Invalid block write size 137
[ 826.872395][T25718] i2c i2c-0: Invalid block write size 137
[ 826.996031][T25723] i2c i2c-0: Invalid block write size 96
[ 827.032588][T25730] i2c i2c-0: Invalid block write size 137
[ 827.490715][T25751] i2c i2c-0: Invalid block write size 137
[ 827.567024][T25753] i2c i2c-0: Invalid block write size 137
[ 827.653430][T25757] i2c i2c-0: Invalid block write size 96
[ 827.828313][T25764] i2c i2c-0: Invalid block write size 137
[ 828.344504][T25791] i2c i2c-0: Invalid block write size 96
[ 828.395321][ T1356] ieee802154 phy0 wpan0: encryption failed: -22
[ 828.402299][ T1356] ieee802154 phy1 wpan1: encryption failed: -22
[ 828.459824][T25794] i2c i2c-0: Invalid block write size 137
[ 828.827490][T25806] i2c i2c-0: Invalid block write size 137
[ 828.943963][T25810] i2c i2c-0: Invalid block write size 137
[ 829.033607][T25815] i2c i2c-0: Invalid block write size 137
[ 829.191446][ C2] vkms_vblank_simulate: vblank timer overrun
[ 829.430924][T25831] i2c i2c-0: Invalid block write size 96
[ 829.468881][T25833] i2c i2c-0: Invalid block write size 137
[ 829.734502][ C2] vkms_vblank_simulate: vblank timer overrun
[ 830.332710][T25848] i2c i2c-0: Invalid block write size 137
[ 830.937836][T25867] i2c i2c-0: Invalid block write size 137
[ 831.055850][T25870] i2c i2c-0: Invalid block write size 137
[ 831.108507][T25872] i2c i2c-0: Invalid block write size 96
[ 831.614233][T25882] i2c i2c-0: Invalid block write size 137
[ 831.725234][T25886] i2c i2c-0: Invalid block write size 137
[ 831.891836][T25893] i2c i2c-0: Invalid block write size 137
[ 832.044035][T25904] i2c i2c-0: Invalid block write size 137
[ 832.072883][T25907] i2c i2c-0: Invalid block write size 96
[ 832.132519][T25914] i2c i2c-0: Invalid block write size 137
[ 832.215846][T25918] i2c i2c-0: Invalid block write size 137
[ 832.296160][T25920] i2c i2c-0: Invalid block write size 137
[ 832.419813][T25935] i2c i2c-0: Invalid block write size 137
[ 832.509200][T25940] i2c i2c-0: Invalid block write size 137
[ 832.521803][T25944] i2c i2c-0: Invalid block write size 96
[ 832.611350][T25946] i2c i2c-0: Invalid block write size 137
[ 832.765271][T25954] i2c i2c-0: Invalid block write size 137
[ 833.189484][T25977] i2c i2c-0: Invalid block write size 137
[ 833.314803][T25983] i2c i2c-0: Invalid block write size 137
[ 833.517437][T25995] i2c i2c-0: Invalid block write size 137
[ 833.735938][T26008] i2c i2c-0: Invalid block write size 137
[ 833.872104][T26015] i2c i2c-0: Invalid block write size 137
[ 833.878293][ C2] vkms_vblank_simulate: vblank timer overrun
[ 833.914165][T26016] i2c i2c-0: Invalid block write size 137
[ 834.002563][T26022] i2c i2c-0: Invalid block write size 137
[ 834.272831][T26036] i2c i2c-0: Invalid block write size 137
[ 834.309348][T26039] i2c i2c-0: Invalid block write size 96
[ 834.421946][T26048] i2c i2c-0: Invalid block write size 137
[ 834.504282][T26050] i2c i2c-0: Invalid block write size 137
[ 835.138952][T26080] i2c i2c-0: Invalid block write size 137
[ 835.278030][T26085] i2c i2c-0: Invalid block write size 137
[ 835.570963][T26105] i2c i2c-0: Invalid block write size 137
[ 835.769196][ C3] vkms_vblank_simulate: vblank timer overrun
[ 835.863290][T26115] i2c i2c-0: Invalid block write size 137
[ 836.197400][T26131] i2c i2c-0: Invalid block write size 96
[ 836.252449][T26134] i2c i2c-0: Invalid block write size 137
[ 836.300503][T26136] i2c i2c-0: Invalid block write size 137
[ 836.375094][T26140] i2c i2c-0: Invalid block write size 137
[ 836.576788][T26150] i2c i2c-0: Invalid block write size 137
[ 836.667129][T26153] i2c i2c-0: Invalid block write size 96
[ 836.913461][T26160] i2c i2c-0: Invalid block write size 137
[ 837.070166][T26164] i2c i2c-0: Invalid block write size 137
[ 837.446645][T26178] i2c i2c-0: Invalid block write size 137
[ 837.627772][T26182] i2c i2c-0: Invalid block write size 96
[ 837.917032][T26192] i2c i2c-0: Invalid block write size 137
[ 838.395989][T26129] warn_alloc: 1 callbacks suppressed
[ 838.396054][T26129] syz.2.5719: vmalloc error: size 261324800, failed to allocated page array size 510400, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 838.416584][T26129] CPU: 2 UID: 0 PID: 26129 Comm: syz.2.5719 Not tainted 6.18.0 #1 PREEMPT(full)
[ 838.416643][T26129] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 838.416696][T26129] Call Trace:
[ 838.416793][T26129] <TASK>
[ 838.416842][T26129] dump_stack_lvl+0x180/0x1b0
[ 838.417422][T26129] warn_alloc+0x211/0x360
[ 838.417631][T26129] ? __pfx_warn_alloc+0x10/0x10
[ 838.417649][T26129] ? __pfx_alloc_vmap_area+0x10/0x10
[ 838.417713][T26129] ? drm_property_create_blob.part.0+0x34/0x320
[ 838.417866][T26129] ? __vmalloc_node_noprof+0xac/0xf0
[ 838.417894][T26129] __vmalloc_node_range_noprof+0xfaa/0x13b0
[ 838.417925][T26129] ? drm_property_create_blob.part.0+0x34/0x320
[ 838.417955][T26129] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 838.417989][T26129] __kvmalloc_node_noprof+0x41f/0x9d0
[ 838.418020][T26129] ? drm_property_create_blob.part.0+0x34/0x320
[ 838.418058][T26129] ? drm_property_create_blob.part.0+0x34/0x320
[ 838.418086][T26129] ? drm_property_create_blob.part.0+0x34/0x320
[ 838.418108][T26129] drm_property_create_blob.part.0+0x34/0x320
[ 838.418134][T26129] drm_mode_createblob_ioctl+0x139/0x490
[ 838.418161][T26129] drm_ioctl_kernel+0x1ed/0x3e0
[ 838.418187][T26129] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 838.418210][T26129] ? __pfx_drm_ioctl_kernel+0x10/0x10
[ 838.418232][T26129] drm_ioctl+0x574/0xb90
[ 838.418250][T26129] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 838.418276][T26129] ? __pfx_drm_ioctl+0x10/0x10
[ 838.418293][T26129] ? hook_file_ioctl_common+0x146/0x3f0
[ 838.418450][T26129] ? __fget_files+0x1fb/0x3b0
[ 838.418555][T26129] ? __pfx_drm_ioctl+0x10/0x10
[ 838.418575][T26129] __x64_sys_ioctl+0x18f/0x210
[ 838.418624][T26129] do_syscall_64+0xcb/0xfa0
[ 838.418689][T26129] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 838.418786][T26129] RIP: 0033:0x7f1a7f5b059d
[ 838.418845][T26129] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 838.418861][T26129] RSP: 002b:00007f1a7d7f5f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 838.418916][T26129] RAX: ffffffffffffffda RBX: 00007f1a7f825fa0 RCX: 00007f1a7f5b059d
[ 838.418927][T26129] RDX: 0000200000000100 RSI: 00000000c01064bd RDI: 000000000000000a
[ 838.418937][T26129] RBP: 00007f1a7f64e078 R08: 0000000000000000 R09: 0000000000000000
[ 838.418947][T26129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 838.418956][T26129] R13: 00007f1a7f826038 R14: 00007f1a7f825fa0 R15: 00007f1a7d7d6000
[ 838.418979][T26129] </TASK>
[ 838.418985][T26129] Mem-Info:
[ 838.688659][T26129] active_anon:7090 inactive_anon:0 isolated_anon:0
[ 838.688659][T26129] active_file:4112 inactive_file:53089 isolated_file:0
[ 838.688659][T26129] unevictable:1768 dirty:2448 writeback:0
[ 838.688659][T26129] slab_reclaimable:13145 slab_unreclaimable:65106
[ 838.688659][T26129] mapped:28291 shmem:2800 pagetables:1463
[ 838.688659][T26129] sec_pagetables:0 bounce:0
[ 838.688659][T26129] kernel_misc_reclaimable:0
[ 838.688659][T26129] free:435717 free_pcp:12549 free_cma:0
[ 838.790647][T26129] Node 0 active_anon:12116kB inactive_anon:0kB active_file:11388kB inactive_file:60864kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:70568kB dirty:8484kB writeback:0kB shmem:5292kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5628kB pagetables:3168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 838.854585][T26129] Node 1 active_anon:16344kB inactive_anon:0kB active_file:5060kB inactive_file:151492kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:42596kB dirty:1308kB writeback:0kB shmem:5908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6540kB pagetables:2884kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 838.880077][T26129] Node 0 DMA free:15284kB boost:0kB min:452kB low:564kB high:676kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:76kB local_pcp:64kB free_cma:0kB
[ 838.910458][T26129] lowmem_reserve[]: 0 1176 1176 1176 1176
[ 838.913435][T26129] Node 0 DMA32 free:609076kB boost:0kB min:34836kB low:43544kB high:52252kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12240kB inactive_anon:0kB active_file:11388kB inactive_file:60864kB unevictable:3536kB writepending:8484kB zspages:0kB present:2080772kB managed:1204832kB mlocked:0kB bounce:0kB free_pcp:20760kB local_pcp:6800kB free_cma:0kB
[ 838.933160][T26129] lowmem_reserve[]: 0 0 0 0 0
[ 838.935788][T26129] Node 1 DMA32 free:964388kB boost:0kB min:29136kB low:36420kB high:43704kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048444kB managed:982908kB mlocked:0kB bounce:0kB free_pcp:18388kB local_pcp:5052kB free_cma:0kB
[ 838.963296][T26129] lowmem_reserve[]: 0 0 846 846 846
[ 838.968019][T26129] Node 1 Normal free:138240kB boost:0kB min:25680kB low:32100kB high:38520kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16344kB inactive_anon:0kB active_file:5060kB inactive_file:151492kB unevictable:3536kB writepending:1308kB zspages:0kB present:1048576kB managed:866440kB mlocked:0kB bounce:0kB free_pcp:10224kB local_pcp:208kB free_cma:0kB
[ 838.993907][T26129] lowmem_reserve[]: 0 0 0 0 0
[ 838.998862][T26129] Node 0 DMA: 1*4kB (U) 0*8kB 1*16kB (U) 1*32kB (U) 2*64kB (U) 2*128kB (U) 2*256kB (U) 2*512kB (U) 3*1024kB (U) 3*2048kB (U) 1*4096kB (U) = 15284kB
[ 839.011742][T26129] Node 0 DMA32: 80*4kB (UME) 182*8kB (UME) 70*16kB (UM) 26*32kB (UME) 119*64kB (UME) 388*128kB (UME) 347*256kB (UM) 297*512kB (UME) 220*1024kB (UME) 40*2048kB (UE) 0*4096kB = 609104kB
[ 839.059292][T26129] Node 1 DMA32: 4*4kB (UM) 7*8kB (UM) 5*16kB (UM) 8*32kB (UM) 7*64kB (UM) 10*128kB (UM) 9*256kB (UM) 9*512kB (UM) 11*1024kB (UM) 9*2048kB (UM) 226*4096kB (UM) = 964440kB
[ 839.067141][T26129] Node 1 Normal: 130*4kB (UM) 97*8kB (UME) 34*16kB (UM) 21*32kB (UME) 10*64kB (UM) 9*128kB (ME) 7*256kB (UME) 61*512kB (UM) 77*1024kB (UME) 7*2048kB (U) 0*4096kB = 130512kB
[ 839.075409][T26129] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 839.079908][T26129] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 839.084304][T26129] 60004 total pagecache pages
[ 839.088263][T26129] 0 pages in swap cache
[ 839.090955][T26129] Free swap = 124996kB
[ 839.100747][T26129] Total swap = 124996kB
[ 839.103349][T26129] 1048446 pages RAM
[ 839.106124][T26129] 0 pages HighMem/MovableOnly
[ 839.116162][T26129] 281061 pages reserved
[ 839.130431][T26129] 0 pages cma reserved
[ 839.531376][T26202] i2c i2c-0: Invalid block write size 137
[ 839.601084][ C3] vkms_vblank_simulate: vblank timer overrun
[ 839.706229][ C3] vkms_vblank_simulate: vblank timer overrun
[ 839.935997][ C3] vkms_vblank_simulate: vblank timer overrun
[ 839.993346][T26213] i2c i2c-0: Invalid block write size 137
[ 840.091078][T26215] i2c i2c-0: Invalid block write size 96
[ 840.222302][ C3] vkms_vblank_simulate: vblank timer overrun
[ 840.459407][ C3] vkms_vblank_simulate: vblank timer overrun
[ 840.468400][T26221] i2c i2c-0: Invalid block write size 137
[ 840.634857][T26225] i2c i2c-0: Invalid block write size 137
[ 840.808006][ C3] vkms_vblank_simulate: vblank timer overrun
[ 841.500167][T26243] i2c i2c-0: Invalid block write size 96
[ 841.677328][T26245] i2c i2c-0: Invalid block write size 137
[ 841.688349][ C3] vkms_vblank_simulate: vblank timer overrun
[ 841.843842][T26248] i2c i2c-0: Invalid block write size 137
[ 842.317164][ C3] vkms_vblank_simulate: vblank timer overrun
[ 842.686127][ C3] vkms_vblank_simulate: vblank timer overrun
[ 843.113931][T26265] i2c i2c-0: Invalid block write size 137
[ 843.280303][T26267] i2c i2c-0: Invalid block write size 137
[ 843.342517][ C3] vkms_vblank_simulate: vblank timer overrun
[ 843.480185][T26271] i2c i2c-0: Invalid block write size 137
[ 843.718379][T26279] i2c i2c-0: Invalid block write size 96
[ 844.118862][T26293] i2c i2c-0: Invalid block write size 137
[ 844.189410][T26295] i2c i2c-0: Invalid block write size 137
[ 844.419979][T26301] i2c i2c-0: Invalid block write size 137
[ 844.498709][T26303] i2c i2c-0: Invalid block write size 96
[ 844.516184][T26305] i2c i2c-0: Invalid block write size 133
[ 844.988899][T26327] i2c i2c-0: Invalid block write size 96
[ 845.169823][ C3] vkms_vblank_simulate: vblank timer overrun
[ 845.201419][T26331] i2c i2c-0: Invalid block write size 137
[ 845.226348][T26330] i2c i2c-0: Invalid block write size 137
[ 845.407911][T26333] i2c i2c-0: Invalid block write size 96
[ 846.090281][T26350] i2c i2c-0: Invalid block write size 96
[ 846.579518][T26360] i2c i2c-0: Invalid block write size 137
[ 847.241162][T26375] i2c i2c-0: Invalid block write size 137
[ 847.358466][T26377] i2c i2c-0: Invalid block write size 96
[ 847.400299][T26381] i2c i2c-0: Invalid block write size 137
[ 847.551465][T26390] i2c i2c-0: Invalid block write size 96
[ 847.833550][T26399] i2c i2c-0: Invalid block write size 137
[ 847.966100][T26402] i2c i2c-0: Invalid block write size 96
[ 848.107184][ C3] vkms_vblank_simulate: vblank timer overrun
[ 848.136772][ C3] vkms_vblank_simulate: vblank timer overrun
[ 848.209346][T26407] i2c i2c-0: Invalid block write size 137
[ 848.251262][ C3] vkms_vblank_simulate: vblank timer overrun
[ 848.380778][T26416] i2c i2c-0: Invalid block write size 137
[ 848.478172][T26419] i2c i2c-0: Invalid block write size 137
[ 848.784719][T26433] i2c i2c-0: Invalid block write size 96
[ 848.956500][ C3] vkms_vblank_simulate: vblank timer overrun
[ 848.997202][T26441] i2c i2c-0: Invalid block write size 137
[ 849.140440][T26447] i2c i2c-0: Invalid block write size 137
[ 849.214047][T26449] i2c i2c-0: Invalid block write size 96
[ 849.318650][T26451] i2c i2c-0: Invalid block write size 137
[ 849.456762][T26459] i2c i2c-0: Invalid block write size 137
[ 849.564277][T26283] warn_alloc: 10 callbacks suppressed
[ 849.564299][T26283] syz.0.5783: vmalloc error: size 3551232, failed to allocated page array size 6936, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 849.584306][T26283] CPU: 1 UID: 0 PID: 26283 Comm: syz.0.5783 Not tainted 6.18.0 #1 PREEMPT(full)
[ 849.584336][T26283] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 849.584377][T26283] Call Trace:
[ 849.584385][T26283] <TASK>
[ 849.584393][T26283] dump_stack_lvl+0x180/0x1b0
[ 849.584428][T26283] warn_alloc+0x211/0x360
[ 849.584453][T26283] ? __pfx_warn_alloc+0x10/0x10
[ 849.584471][T26283] ? rcu_is_watching+0x12/0xc0
[ 849.584630][T26283] ? __pfx_alloc_vmap_area+0x10/0x10
[ 849.584653][T26283] ? __get_vm_area_node+0x10c/0x340
[ 849.584681][T26283] ? drm_property_create_blob.part.0+0x34/0x320
[ 849.584708][T26283] ? __vmalloc_node_noprof+0xac/0xf0
[ 849.584741][T26283] __vmalloc_node_range_noprof+0xfaa/0x13b0
[ 849.584776][T26283] ? alloc_vmap_area+0x55c/0x2860
[ 849.584799][T26283] ? drm_property_create_blob.part.0+0x34/0x320
[ 849.584835][T26283] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 849.584862][T26283] ? __pfx_alloc_vmap_area+0x10/0x10
[ 849.584885][T26283] ? kasan_quarantine_put+0x10d/0x230
[ 849.584969][T26283] ? __get_vm_area_node+0x10c/0x340
[ 849.585002][T26283] ? drm_property_create_blob.part.0+0x34/0x320
[ 849.585028][T26283] __vmalloc_node_noprof+0xac/0xf0
[ 849.585055][T26283] ? drm_property_create_blob.part.0+0x34/0x320
[ 849.585085][T26283] __vmalloc_node_range_noprof+0x40d/0x13b0
[ 849.585133][T26283] ? drm_property_create_blob.part.0+0x34/0x320
[ 849.585777][T26283] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 849.585819][T26283] __kvmalloc_node_noprof+0x41f/0x9d0
[ 849.585843][T26283] ? drm_property_create_blob.part.0+0x34/0x320
[ 849.585868][T26283] ? drm_property_create_blob.part.0+0x34/0x320
[ 849.585895][T26283] ? drm_property_create_blob.part.0+0x34/0x320
[ 849.585918][T26283] drm_property_create_blob.part.0+0x34/0x320
[ 849.585944][T26283] drm_mode_createblob_ioctl+0x139/0x490
[ 849.585973][T26283] drm_ioctl_kernel+0x1ed/0x3e0
[ 849.585989][T26283] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 849.586016][T26283] ? __pfx_drm_ioctl_kernel+0x10/0x10
[ 849.586040][T26283] drm_ioctl+0x574/0xb90
[ 849.586060][T26283] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 849.586085][T26283] ? __pfx_drm_ioctl+0x10/0x10
[ 849.586143][T26283] ? hook_file_ioctl_common+0x146/0x3f0
[ 849.586173][T26283] ? __fget_files+0x1fb/0x3b0
[ 849.586197][T26283] ? __pfx_drm_ioctl+0x10/0x10
[ 849.586216][T26283] __x64_sys_ioctl+0x18f/0x210
[ 849.586236][T26283] do_syscall_64+0xcb/0xfa0
[ 849.586266][T26283] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 849.586286][T26283] RIP: 0033:0x7fd982bb059d
[ 849.586304][T26283] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 849.586321][T26283] RSP: 002b:00007fd983a8df98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 849.586339][T26283] RAX: ffffffffffffffda RBX: 00007fd982e25fa0 RCX: 00007fd982bb059d
[ 849.586353][T26283] RDX: 0000200000000000 RSI: 00000000c01064bd RDI: 0000000000000005
[ 849.586393][T26283] RBP: 00007fd982c4e078 R08: 0000000000000000 R09: 0000000000000000
[ 849.586406][T26283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 849.586417][T26283] R13: 00007fd982e26038 R14: 00007fd982e25fa0 R15: 00007fd983a6e000
[ 849.586462][T26283] </TASK>
[ 849.586470][T26283] Mem-Info:
[ 849.654389][T26464] i2c i2c-0: Invalid block write size 137
[ 849.655174][T26283] active_anon:7108 inactive_anon:0 isolated_anon:0
[ 849.655174][T26283] active_file:4112 inactive_file:53102 isolated_file:0
[ 849.655174][T26283] unevictable:1768 dirty:2298 writeback:0
[ 849.655174][T26283] slab_reclaimable:12981 slab_unreclaimable:65325
[ 849.655174][T26283] mapped:28265 shmem:2800 pagetables:1524
[ 849.655174][T26283] sec_pagetables:0 bounce:0
[ 849.655174][T26283] kernel_misc_reclaimable:0
[ 849.655174][T26283] free:411297 free_pcp:18101 free_cma:0
[ 849.885726][T26283] Node 0 active_anon:12140kB inactive_anon:0kB active_file:11356kB inactive_file:60892kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:70432kB dirty:8100kB writeback:0kB shmem:5296kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5660kB pagetables:3352kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 849.913983][T26476] i2c i2c-0: Invalid block write size 96
[ 849.915614][T26283] Node 1 active_anon:16192kB inactive_anon:0kB active_file:5092kB inactive_file:151516kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:42628kB dirty:1092kB writeback:0kB shmem:5904kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6564kB pagetables:2944kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 849.915665][T26283] Node 0 DMA free:15232kB boost:0kB min:452kB low:564kB high:676kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:128kB local_pcp:0kB free_cma:0kB
[ 849.915715][T26283] lowmem_reserve[]: 0 1176 1176 1176 1176
[ 849.915754][T26283] Node 0 DMA32 free:543176kB boost:0kB min:34836kB low:43544kB high:52252kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12264kB inactive_anon:0kB active_file:11356kB inactive_file:60892kB unevictable:3536kB writepending:8100kB zspages:0kB present:2080772kB managed:1204832kB mlocked:0kB bounce:0kB free_pcp:36384kB local_pcp:128kB free_cma:0kB
[ 849.915809][T26283] lowmem_reserve[]: 0 0 0 0 0
[ 849.915849][T26283] Node 1 DMA32 free:960072kB boost:0kB min:29136kB low:36420kB high:43704kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048444kB managed:982908kB mlocked:0kB bounce:0kB free_pcp:22756kB local_pcp:6140kB free_cma:0kB
[ 849.915901][T26283] lowmem_reserve[]: 0 0 846 846 846
[ 849.915939][T26283] Node 1 Normal free:156004kB boost:0kB min:25680kB low:32100kB high:38520kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16192kB inactive_anon:0kB active_file:5092kB inactive_file:151516kB unevictable:3536kB writepending:1092kB zspages:0kB present:1048576kB managed:866440kB mlocked:0kB bounce:0kB free_pcp:10504kB local_pcp:3036kB free_cma:0kB
[ 849.916045][T26283] lowmem_reserve[]: 0 0 0 0 0
[ 849.916083][T26283] Node 0 DMA: 2*4kB (U) 1*8kB (U) 1*16kB (U) 1*32kB (U) 1*64kB (U) 2*128kB (U) 2*256kB (U) 0*512kB 2*1024kB (U) 0*2048kB 3*4096kB (U) = 15232kB
[ 849.916307][T26283] Node 0 DMA32: 53*4kB (UME) 193*8kB (UME) 73*16kB (UM) 28*32kB (UME) 15*64kB (UME) 79*128kB (U) 304*256kB (UE) 290*512kB (UME) 235*1024kB (UM) 30*2048kB (U) 0*4096kB = 543276kB
[ 849.916471][T26283] Node 1 DMA32: 6*4kB (UM) 6*8kB (UM) 6*16kB (UM) 9*32kB (UM) 8*64kB (UM) 9*128kB (UM) 8*256kB (UM) 7*512kB (UM) 10*1024kB (UM) 10*2048kB (UM) 225*4096kB (UM) = 960072kB
[ 849.916653][T26283] Node 1 Normal: 115*4kB (UM) 164*8kB (UME) 47*16kB (UME) 138*32kB (UME) 32*64kB (UM) 11*128kB (UME) 23*256kB (UME) 111*512kB (UM) 73*1024kB (UME) 4*2048kB (U) 0*4096kB = 156060kB
[ 849.916817][T26283] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 849.916832][T26283] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 849.916848][T26283] 60014 total pagecache pages
[ 849.916856][T26283] 0 pages in swap cache
[ 849.916864][T26283] Free swap = 124996kB
[ 849.916872][T26283] Total swap = 124996kB
[ 849.916881][T26283] 1048446 pages RAM
[ 849.916924][T26283] 0 pages HighMem/MovableOnly
[ 849.916932][T26283] 281061 pages reserved
[ 849.916940][T26283] 0 pages cma reserved
[ 849.977835][ C3] vkms_vblank_simulate: vblank timer overrun
[ 850.051225][ C3] vkms_vblank_simulate: vblank timer overrun
[ 850.088449][ C3] vkms_vblank_simulate: vblank timer overrun
[ 850.176898][ C3] vkms_vblank_simulate: vblank timer overrun
[ 850.219579][ C3] vkms_vblank_simulate: vblank timer overrun
[ 850.470967][ C3] vkms_vblank_simulate: vblank timer overrun
[ 850.681995][T26490] i2c i2c-0: Invalid block write size 137
[ 850.820330][ C3] vkms_vblank_simulate: vblank timer overrun
[ 850.954506][T26503] i2c i2c-0: Invalid block write size 96
[ 850.969499][T26505] i2c i2c-0: Invalid block write size 137
[ 851.097163][T26510] i2c i2c-0: Invalid block write size 137
[ 851.109910][T26507] i2c i2c-0: Invalid block write size 137
[ 851.334157][ C3] vkms_vblank_simulate: vblank timer overrun
[ 851.372497][T26527] i2c i2c-0: Invalid block write size 96
[ 851.454045][ C3] vkms_vblank_simulate: vblank timer overrun
[ 851.606072][T26543] i2c i2c-0: Invalid block write size 137
[ 851.618428][T26544] i2c i2c-0: Invalid block write size 137
[ 851.766857][T26549] i2c i2c-0: Invalid block write size 137
[ 851.852673][T26553] i2c i2c-0: Invalid block write size 96
[ 852.106379][T26562] i2c i2c-0: Invalid block write size 137
[ 852.234725][T26566] i2c i2c-0: Invalid block write size 137
[ 852.455516][T26575] i2c i2c-0: Invalid block write size 137
[ 852.589598][T26579] i2c i2c-0: Invalid block write size 96
[ 852.826664][T26586] i2c i2c-0: Invalid block write size 137
[ 852.946111][T26592] i2c i2c-0: Invalid block write size 137
[ 853.168807][T26605] i2c i2c-0: Invalid block write size 96
[ 853.234004][ C3] vkms_vblank_simulate: vblank timer overrun
[ 853.303320][ C3] vkms_vblank_simulate: vblank timer overrun
[ 853.508811][T26619] i2c i2c-0: Invalid block write size 96
[ 853.523830][T26621] i2c i2c-0: Invalid block write size 137
[ 853.790299][ C3] vkms_vblank_simulate: vblank timer overrun
[ 853.878821][T26639] i2c i2c-0: Invalid block write size 137
[ 853.906798][T26642] i2c i2c-0: Invalid block write size 137
[ 854.007500][T26645] i2c i2c-0: Invalid block write size 96
[ 854.097479][ C3] vkms_vblank_simulate: vblank timer overrun
[ 854.111812][T26649] i2c i2c-0: Invalid block write size 96
[ 854.228532][T26658] i2c i2c-0: Invalid block write size 137
[ 854.440918][T26667] i2c i2c-0: Invalid block write size 137
[ 854.473282][T26669] i2c i2c-0: Invalid block write size 96
[ 854.584005][ C3] vkms_vblank_simulate: vblank timer overrun
[ 854.906101][T26693] i2c i2c-0: Invalid block write size 137
[ 855.004847][T26699] i2c i2c-0: Invalid block write size 137
[ 855.238079][ C2] vkms_vblank_simulate: vblank timer overrun
[ 855.286400][T26712] i2c i2c-0: Invalid block write size 137
[ 855.457764][T26721] i2c i2c-0: Invalid block write size 96
[ 855.596338][T26728] i2c i2c-0: Invalid block write size 137
[ 855.863584][T26739] i2c i2c-0: Invalid block write size 137
[ 855.915343][T26743] i2c i2c-0: Invalid block write size 96
[ 856.019767][T26750] i2c i2c-0: Invalid block write size 137
[ 856.097063][T26752] i2c i2c-0: Invalid block write size 137
[ 856.248682][T26754] i2c i2c-0: Invalid block write size 96
[ 856.448501][ C2] vkms_vblank_simulate: vblank timer overrun
[ 856.573897][ C2] vkms_vblank_simulate: vblank timer overrun
[ 856.635540][T26767] i2c i2c-0: Invalid block write size 96
[ 856.642033][ C2] vkms_vblank_simulate: vblank timer overrun
[ 856.709290][ C2] vkms_vblank_simulate: vblank timer overrun
[ 856.806808][T26774] i2c i2c-0: Invalid block write size 137
[ 856.951213][T26780] i2c i2c-0: Invalid block write size 137
[ 857.051953][T26784] i2c i2c-0: Invalid block write size 96
[ 857.145732][ C2] vkms_vblank_simulate: vblank timer overrun
[ 857.175778][ C2] vkms_vblank_simulate: vblank timer overrun
[ 857.293838][ C2] vkms_vblank_simulate: vblank timer overrun
[ 857.365834][ C2] vkms_vblank_simulate: vblank timer overrun
[ 857.469227][T26799] i2c i2c-0: Invalid block write size 96
[ 857.678966][T26805] i2c i2c-0: Invalid block write size 137
[ 857.777755][T26809] i2c i2c-0: Invalid block write size 137
[ 857.894191][T26813] i2c i2c-0: Invalid block write size 96
[ 857.921483][T26815] i2c i2c-0: Invalid block write size 137
[ 858.569738][T26833] i2c i2c-0: Invalid block write size 137
[ 858.702397][T26837] i2c i2c-0: Invalid block write size 137
[ 858.746709][T26839] i2c i2c-0: Invalid block write size 96
[ 858.938278][T26846] i2c i2c-0: Invalid block write size 137
[ 859.578708][T26863] i2c i2c-0: Invalid block write size 137
[ 859.794923][T26869] i2c i2c-0: Invalid block write size 137
[ 859.862507][T26871] i2c i2c-0: Invalid block write size 96
[ 859.940753][T26875] i2c i2c-0: Invalid block write size 137
[ 860.083160][T26884] i2c i2c-0: Invalid block write size 137
[ 860.145828][T26887] i2c i2c-0: Invalid block write size 137
[ 860.378313][T26902] i2c i2c-0: Invalid block write size 96
[ 860.520309][T26824] warn_alloc: 2 callbacks suppressed
[ 860.520327][T26824] syz.0.6013: vmalloc error: size 3551232, failed to allocated page array size 6936, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 860.537488][T26909] i2c i2c-0: Invalid block write size 137
[ 860.556151][ C2] vkms_vblank_simulate: vblank timer overrun
[ 860.570875][T26824] CPU: 2 UID: 0 PID: 26824 Comm: syz.0.6013 Not tainted 6.18.0 #1 PREEMPT(full)
[ 860.570899][T26824] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 860.570910][T26824] Call Trace:
[ 860.570917][T26824] <TASK>
[ 860.570924][T26824] dump_stack_lvl+0x180/0x1b0
[ 860.570955][T26824] warn_alloc+0x211/0x360
[ 860.570977][T26824] ? __pfx_warn_alloc+0x10/0x10
[ 860.570992][T26824] ? rcu_is_watching+0x12/0xc0
[ 860.571013][T26824] ? __pfx_alloc_vmap_area+0x10/0x10
[ 860.571036][T26824] ? __get_vm_area_node+0x10c/0x340
[ 860.571063][T26824] ? drm_property_create_blob.part.0+0x34/0x320
[ 860.571087][T26824] ? __vmalloc_node_noprof+0xac/0xf0
[ 860.571115][T26824] __vmalloc_node_range_noprof+0xfaa/0x13b0
[ 860.571146][T26824] ? alloc_vmap_area+0x55c/0x2860
[ 860.575020][T26824] ? drm_property_create_blob.part.0+0x34/0x320
[ 860.575056][T26824] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 860.575083][T26824] ? __pfx_alloc_vmap_area+0x10/0x10
[ 860.575104][T26824] ? stack_trace_save+0x8e/0xc0
[ 860.575192][T26824] ? __get_vm_area_node+0x10c/0x340
[ 860.575221][T26824] ? drm_property_create_blob.part.0+0x34/0x320
[ 860.575243][T26824] __vmalloc_node_noprof+0xac/0xf0
[ 860.575268][T26824] ? drm_property_create_blob.part.0+0x34/0x320
[ 860.575293][T26824] __vmalloc_node_range_noprof+0x40d/0x13b0
[ 860.575319][T26824] ? do_raw_spin_lock+0x12b/0x2b0
[ 860.575404][T26824] ? drm_property_create_blob.part.0+0x34/0x320
[ 860.575449][T26824] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 860.575484][T26824] __kvmalloc_node_noprof+0x41f/0x9d0
[ 860.575505][T26824] ? drm_property_create_blob.part.0+0x34/0x320
[ 860.575529][T26824] ? drm_property_create_blob.part.0+0x34/0x320
[ 860.575557][T26824] ? drm_property_create_blob.part.0+0x34/0x320
[ 860.575579][T26824] drm_property_create_blob.part.0+0x34/0x320
[ 860.575605][T26824] drm_mode_createblob_ioctl+0x139/0x490
[ 860.575631][T26824] drm_ioctl_kernel+0x1ed/0x3e0
[ 860.575647][T26824] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 860.575701][T26824] ? __pfx_drm_ioctl_kernel+0x10/0x10
[ 860.575723][T26824] drm_ioctl+0x574/0xb90
[ 860.575740][T26824] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 860.575764][T26824] ? __pfx_drm_ioctl+0x10/0x10
[ 860.575781][T26824] ? hook_file_ioctl_common+0x146/0x3f0
[ 860.575808][T26824] ? __fget_files+0x1fb/0x3b0
[ 860.575830][T26824] ? __pfx_drm_ioctl+0x10/0x10
[ 860.575846][T26824] __x64_sys_ioctl+0x18f/0x210
[ 860.575863][T26824] do_syscall_64+0xcb/0xfa0
[ 860.575891][T26824] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 860.575908][T26824] RIP: 0033:0x7fd982bb059d
[ 860.575923][T26824] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 860.575940][T26824] RSP: 002b:00007fd983a8df98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 860.575957][T26824] RAX: ffffffffffffffda RBX: 00007fd982e25fa0 RCX: 00007fd982bb059d
[ 860.576000][T26824] RDX: 0000200000000000 RSI: 00000000c01064bd RDI: 0000000000000004
[ 860.576010][T26824] RBP: 00007fd982c4e078 R08: 0000000000000000 R09: 0000000000000000
[ 860.576020][T26824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 860.576029][T26824] R13: 00007fd982e26038 R14: 00007fd982e25fa0 R15: 00007fd983a6e000
[ 860.576052][T26824] </TASK>
[ 860.578914][T26824] Mem-Info:
[ 860.578929][T26824] active_anon:7112 inactive_anon:0 isolated_anon:0
[ 860.578929][T26824] active_file:4112 inactive_file:53119 isolated_file:0
[ 860.578929][T26824] unevictable:1768 dirty:2366 writeback:0
[ 860.578929][T26824] slab_reclaimable:13125 slab_unreclaimable:64667
[ 860.578929][T26824] mapped:28239 shmem:2800 pagetables:1543
[ 860.578929][T26824] sec_pagetables:0 bounce:0
[ 860.578929][T26824] kernel_misc_reclaimable:0
[ 860.578929][T26824] free:425244 free_pcp:11727 free_cma:0
[ 860.578975][T26824] Node 0 active_anon:11800kB inactive_anon:0kB active_file:11372kB inactive_file:60936kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:70384kB dirty:8576kB writeback:0kB shmem:5292kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5596kB pagetables:3460kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 860.579072][T26824] Node 1 active_anon:16648kB inactive_anon:0kB active_file:5076kB inactive_file:151540kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:42572kB dirty:888kB writeback:0kB shmem:5908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6616kB pagetables:2712kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 860.579116][T26824] Node 0 DMA free:15104kB boost:0kB min:452kB low:564kB high:676kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:256kB local_pcp:68kB free_cma:0kB
[ 860.579222][T26824] lowmem_reserve[]: 0 1176 1176 1176 1176
[ 860.579265][T26824] Node 0 DMA32 free:449852kB boost:0kB min:34836kB low:43544kB high:52252kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11800kB inactive_anon:0kB active_file:11372kB inactive_file:60936kB unevictable:3536kB writepending:8576kB zspages:0kB present:2080772kB managed:1204832kB mlocked:0kB bounce:0kB free_pcp:15456kB local_pcp:10872kB free_cma:0kB
[ 860.579322][T26824] lowmem_reserve[]: 0 0 0 0 0
[ 860.579358][T26824] Node 1 DMA32 free:957820kB boost:0kB min:29136kB low:36420kB high:43704kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048444kB managed:982908kB mlocked:0kB bounce:0kB free_pcp:24948kB local_pcp:5980kB free_cma:0kB
[ 860.579409][T26824] lowmem_reserve[]: 0 0 846 846 846
[ 860.579447][T26824] Node 1 Normal free:278200kB boost:0kB min:25680kB low:32100kB high:38520kB reserved_highatomic:0KB free_highatomic:0KB active_anon:16648kB inactive_anon:0kB active_file:5076kB inactive_file:151540kB unevictable:3536kB writepending:888kB zspages:0kB present:1048576kB managed:866440kB mlocked:0kB bounce:0kB free_pcp:6248kB local_pcp:0kB free_cma:0kB
[ 860.579500][T26824] lowmem_reserve[]: 0 0 0 0 0
[ 860.579535][T26824] Node 0 DMA: 2*4kB (U) 1*8kB (U) 1*16kB (U) 1*32kB (U) 1*64kB (U) 3*128kB (U) 3*256kB (U) 1*512kB (U) 3*1024kB (U) 1*2048kB (U) 2*4096kB (U) = 15104kB
[ 860.579709][T26824] Node 0 DMA32: 124*4kB (ME) 186*8kB (UME) 57*16kB (UME) 17*32kB (ME) 3*64kB (M) 0*128kB 1*256kB (E) 275*512kB (UM) 238*1024kB (UM) 30*2048kB (U) 0*4096kB = 449840kB
[ 860.579873][T26824] Node 1 DMA32: 6*4kB (UM) 5*8kB (UM) 4*16kB (UM) 8*32kB (UM) 9*64kB (UM) 8*128kB (UM) 6*256kB (UM) 10*512kB (UM) 11*1024kB (UM) 12*2048kB (UM) 223*4096kB (UM) = 957888kB
[ 860.580024][T26824] Node 1 Normal: 71*4kB (UME) 73*8kB (M) 637*16kB (UME) 494*32kB (UME) 196*64kB (UME) 363*128kB (UME) 185*256kB (UME) 113*512kB (UM) 75*1024kB (UME) 5*2048kB (U) 0*4096kB = 278132kB
[ 860.580227][T26824] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 860.580243][T26824] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 860.580280][T26824] 60031 total pagecache pages
[ 860.580289][T26824] 0 pages in swap cache
[ 860.580296][T26824] Free swap = 124996kB
[ 860.580305][T26824] Total swap = 124996kB
[ 860.580313][T26824] 1048446 pages RAM
[ 860.580321][T26824] 0 pages HighMem/MovableOnly
[ 860.580327][T26824] 281061 pages reserved
[ 860.580334][T26824] 0 pages cma reserved
[ 860.925044][ C2] vkms_vblank_simulate: vblank timer overrun
[ 861.825483][ C2] vkms_vblank_simulate: vblank timer overrun
[ 861.852637][T26923] i2c i2c-0: Invalid block write size 137
[ 861.899469][T26925] i2c i2c-0: Invalid block write size 96
[ 862.065808][T26931] i2c i2c-0: Invalid block write size 96
[ 862.141242][ C2] vkms_vblank_simulate: vblank timer overrun
[ 862.236509][T26933] i2c i2c-0: Invalid block write size 137
[ 862.740734][T26954] i2c i2c-0: Invalid block write size 137
[ 862.835266][T26958] i2c i2c-0: Invalid block write size 96
[ 862.898918][T26961] i2c i2c-0: Invalid block write size 137
[ 862.974077][T26963] i2c i2c-0: Invalid block write size 96
[ 863.155750][ C2] vkms_vblank_simulate: vblank timer overrun
[ 863.267150][T26971] FAULT_INJECTION: forcing a failure.
[ 863.267150][T26971] name failslab, interval 1, probability 0, space 0, times 0
[ 863.281045][T26971] CPU: 1 UID: 0 PID: 26971 Comm: syz.3.6074 Not tainted 6.18.0 #1 PREEMPT(full)
[ 863.281072][T26971] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 863.281154][T26971] Call Trace:
[ 863.281228][T26971] <TASK>
[ 863.281279][T26971] dump_stack_lvl+0x180/0x1b0
[ 863.281993][T26971] should_fail_ex+0x520/0x650
[ 863.282228][T26971] ? tomoyo_realpath_from_path+0xc3/0x600
[ 863.282323][T26971] should_failslab+0xc2/0x120
[ 863.282489][T26971] __kmalloc_noprof+0xdc/0x8c0
[ 863.282556][T26971] ? kfree+0x3b1/0x6c0
[ 863.282580][T26971] ? tomoyo_realpath_from_path+0xc3/0x600
[ 863.282602][T26971] tomoyo_realpath_from_path+0xc3/0x600
[ 863.282627][T26971] ? tomoyo_profile+0x46/0x60
[ 863.282679][T26971] tomoyo_path_number_perm+0x221/0x550
[ 863.282698][T26971] ? tomoyo_path_number_perm+0x213/0x550
[ 863.282719][T26971] ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 863.282741][T26971] ? proc_fail_nth_write+0x97/0x220
[ 863.282835][T26971] ? hook_file_ioctl_common+0x146/0x3f0
[ 863.282887][T26971] ? __fget_files+0x1f1/0x3b0
[ 863.282944][T26971] ? __fget_files+0x1fb/0x3b0
[ 863.282968][T26971] security_file_ioctl+0x9f/0x260
[ 863.287214][T26971] __x64_sys_ioctl+0xb7/0x210
[ 863.287254][T26971] do_syscall_64+0xcb/0xfa0
[ 863.287328][T26971] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 863.287417][T26971] RIP: 0033:0x7f2e52db059d
[ 863.287492][T26971] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 863.287603][T26971] RSP: 002b:00007f2e53b8ff98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 863.287680][T26971] RAX: ffffffffffffffda RBX: 00007f2e53025fa0 RCX: 00007f2e52db059d
[ 863.287691][T26971] RDX: 0000200000000000 RSI: 0000000000000720 RDI: 0000000000000003
[ 863.287701][T26971] RBP: 00007f2e53b90010 R08: 0000000000000000 R09: 0000000000000000
[ 863.287712][T26971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 863.287722][T26971] R13: 00007f2e53026038 R14: 00007f2e53025fa0 R15: 00007f2e53b70000
[ 863.287748][T26971] </TASK>
[ 863.549474][T26971] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 864.144401][T26983] i2c i2c-0: Invalid block write size 137
[ 864.279944][T26985] i2c i2c-0: Invalid block write size 137
[ 864.474995][ C2] vkms_vblank_simulate: vblank timer overrun
[ 864.682937][T26987] i2c i2c-0: Invalid block write size 96
[ 865.233846][T26994] i2c i2c-0: Invalid block write size 96
[ 865.495198][T27007] FAULT_INJECTION: forcing a failure.
[ 865.495198][T27007] name failslab, interval 1, probability 0, space 0, times 0
[ 865.619077][ C2] vkms_vblank_simulate: vblank timer overrun
[ 865.782181][T27007] CPU: 2 UID: 0 PID: 27007 Comm: syz.2.6087 Not tainted 6.18.0 #1 PREEMPT(full)
[ 865.782244][T27007] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 865.782374][T27007] Call Trace:
[ 865.782476][T27007] <TASK>
[ 865.782529][T27007] dump_stack_lvl+0x180/0x1b0
[ 865.786857][T27007] should_fail_ex+0x520/0x650
[ 865.787162][T27007] ? tomoyo_encode2.part.0+0xe9/0x3a0
[ 865.787258][T27007] should_failslab+0xc2/0x120
[ 865.787406][T27007] __kmalloc_noprof+0xdc/0x8c0
[ 865.787490][T27007] ? d_absolute_path+0x12a/0x1a0
[ 865.787583][T27007] ? tomoyo_encode2.part.0+0xe9/0x3a0
[ 865.787604][T27007] tomoyo_encode2.part.0+0xe9/0x3a0
[ 865.787631][T27007] tomoyo_encode+0x2b/0x60
[ 865.787653][T27007] tomoyo_realpath_from_path+0x188/0x600
[ 865.787723][T27007] tomoyo_path_number_perm+0x221/0x550
[ 865.787743][T27007] ? tomoyo_path_number_perm+0x213/0x550
[ 865.787767][T27007] ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 865.787788][T27007] ? proc_fail_nth_write+0x97/0x220
[ 865.787870][T27007] ? hook_file_ioctl_common+0x146/0x3f0
[ 865.787924][T27007] ? __fget_files+0x1f1/0x3b0
[ 865.787985][T27007] ? __fget_files+0x1fb/0x3b0
[ 865.788009][T27007] security_file_ioctl+0x9f/0x260
[ 865.788100][T27007] __x64_sys_ioctl+0xb7/0x210
[ 865.788134][T27007] do_syscall_64+0xcb/0xfa0
[ 865.788217][T27007] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 865.788363][T27007] RIP: 0033:0x7f1a7f5b059d
[ 865.788434][T27007] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 865.788492][T27007] RSP: 002b:00007f1a7d7f5f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 865.788561][T27007] RAX: ffffffffffffffda RBX: 00007f1a7f825fa0 RCX: 00007f1a7f5b059d
[ 865.788578][T27007] RDX: 0000200000000000 RSI: 0000000000000720 RDI: 0000000000000003
[ 865.788590][T27007] RBP: 00007f1a7d7f6010 R08: 0000000000000000 R09: 0000000000000000
[ 865.788630][T27007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 865.788642][T27007] R13: 00007f1a7f826038 R14: 00007f1a7f825fa0 R15: 00007f1a7d7d6000
[ 865.788669][T27007] </TASK>
[ 865.788887][T27007] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 866.049400][T27012] i2c i2c-0: Invalid block write size 137
[ 866.262030][T27020] i2c i2c-0: Invalid block write size 96
[ 866.291478][T27021] i2c i2c-0: Invalid block write size 96
[ 866.343769][ C2] vkms_vblank_simulate: vblank timer overrun
[ 866.360819][T27025] i2c i2c-0: Invalid block write size 96
[ 866.722574][ C2] vkms_vblank_simulate: vblank timer overrun
[ 866.894796][T27040] i2c i2c-0: Invalid block write size 137
[ 867.033812][T27043] i2c i2c-0: Invalid block write size 137
[ 867.199855][T27046] FAULT_INJECTION: forcing a failure.
[ 867.199855][T27046] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 867.208657][T27046] CPU: 3 UID: 0 PID: 27046 Comm: syz.1.6106 Not tainted 6.18.0 #1 PREEMPT(full)
[ 867.208709][T27046] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 867.208721][T27046] Call Trace:
[ 867.208729][T27046] <TASK>
[ 867.208737][T27046] dump_stack_lvl+0x180/0x1b0
[ 867.208778][T27046] should_fail_ex+0x520/0x650
[ 867.208804][T27046] _copy_from_user+0x30/0xd0
[ 867.209215][T27046] i2cdev_ioctl+0xfa/0x820
[ 867.209654][T27046] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 867.209686][T27046] ? __fget_files+0x1fb/0x3b0
[ 867.209709][T27046] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 867.209725][T27046] __x64_sys_ioctl+0x18f/0x210
[ 867.209795][T27046] do_syscall_64+0xcb/0xfa0
[ 867.209874][T27046] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 867.209893][T27046] RIP: 0033:0x7f4e641b059d
[ 867.209909][T27046] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 867.209926][T27046] RSP: 002b:00007f4e64fe5f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 867.209943][T27046] RAX: ffffffffffffffda RBX: 00007f4e64425fa0 RCX: 00007f4e641b059d
[ 867.209954][T27046] RDX: 0000200000000000 RSI: 0000000000000720 RDI: 0000000000000003
[ 867.209964][T27046] RBP: 00007f4e64fe6010 R08: 0000000000000000 R09: 0000000000000000
[ 867.209975][T27046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 867.209985][T27046] R13: 00007f4e64426038 R14: 00007f4e64425fa0 R15: 00007f4e64fc6000
[ 867.210008][T27046] </TASK>
[ 867.389384][T27048] i2c i2c-0: Invalid block write size 96
[ 867.624332][ C2] vkms_vblank_simulate: vblank timer overrun
[ 868.051256][T27057] i2c i2c-0: Invalid block write size 137
[ 868.170146][T27059] i2c i2c-0: Invalid block write size 137
[ 868.420772][T27063] i2c i2c-0: Invalid block write size 96
[ 868.575167][T27071] i2c i2c-0: Invalid block write size 96
[ 868.888488][T27077] i2c i2c-0: Invalid block write size 137
[ 868.916775][T27079] FAULT_INJECTION: forcing a failure.
[ 868.916775][T27079] name failslab, interval 1, probability 0, space 0, times 0
[ 868.934936][T27079] CPU: 1 UID: 0 PID: 27079 Comm: syz.1.6122 Not tainted 6.18.0 #1 PREEMPT(full)
[ 868.934963][T27079] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 868.934977][T27079] Call Trace:
[ 868.935039][T27079] <TASK>
[ 868.935048][T27079] dump_stack_lvl+0x180/0x1b0
[ 868.935084][T27079] should_fail_ex+0x520/0x650
[ 868.935124][T27079] ? i2c_smbus_try_get_dmabuf+0x5d/0x130
[ 868.935188][T27079] should_failslab+0xc2/0x120
[ 868.935218][T27079] __kmalloc_noprof+0xdc/0x8c0
[ 868.935248][T27079] ? i2c_smbus_try_get_dmabuf+0x5d/0x130
[ 868.935271][T27079] i2c_smbus_try_get_dmabuf+0x5d/0x130
[ 868.935297][T27079] i2c_smbus_xfer_emulated+0x782/0x11b0
[ 868.935326][T27079] ? __pfx_i2c_smbus_xfer_emulated+0x10/0x10
[ 868.935353][T27079] ? __lock_acquire+0xb62/0x1be0
[ 868.935499][T27079] ? __lock_acquire+0xb62/0x1be0
[ 868.935535][T27079] ? find_held_lock+0x2b/0x80
[ 868.935561][T27079] __i2c_smbus_xfer+0x703/0xfa0
[ 868.935586][T27079] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 868.935685][T27079] i2c_smbus_xfer+0x203/0x3d0
[ 868.935714][T27079] i2cdev_ioctl_smbus+0x277/0x870
[ 868.935747][T27079] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 868.935774][T27079] ? __might_fault+0x138/0x190
[ 868.935837][T27079] ? perf_trace_mmap_lock+0x570/0x820
[ 868.935866][T27079] i2cdev_ioctl+0x3bc/0x820
[ 868.935885][T27079] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 868.935905][T27079] ? __fget_files+0x1fb/0x3b0
[ 868.935932][T27079] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 868.935952][T27079] __x64_sys_ioctl+0x18f/0x210
[ 868.935973][T27079] do_syscall_64+0xcb/0xfa0
[ 868.936076][T27079] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 868.936098][T27079] RIP: 0033:0x7f4e641b059d
[ 868.936115][T27079] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 868.936133][T27079] RSP: 002b:00007f4e64fe5f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 868.936153][T27079] RAX: ffffffffffffffda RBX: 00007f4e64425fa0 RCX: 00007f4e641b059d
[ 868.936166][T27079] RDX: 0000200000000000 RSI: 0000000000000720 RDI: 0000000000000003
[ 868.936191][T27079] RBP: 00007f4e64fe6010 R08: 0000000000000000 R09: 0000000000000000
[ 868.936202][T27079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 868.936214][T27079] R13: 00007f4e64426038 R14: 00007f4e64425fa0 R15: 00007f4e64fc6000
[ 868.936243][T27079] </TASK>
[ 869.012276][T27081] i2c i2c-0: Invalid block write size 137
[ 869.510873][T27090] i2c i2c-0: Invalid block write size 96
[ 869.701919][T27099] i2c i2c-0: Invalid block write size 96
[ 869.876477][T27111] FAULT_INJECTION: forcing a failure.
[ 869.876477][T27111] name failslab, interval 1, probability 0, space 0, times 0
[ 869.890769][T27111] CPU: 3 UID: 0 PID: 27111 Comm: syz.3.6134 Not tainted 6.18.0 #1 PREEMPT(full)
[ 869.890793][T27111] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 869.890805][T27111] Call Trace:
[ 869.890811][T27111] <TASK>
[ 869.890855][T27111] dump_stack_lvl+0x180/0x1b0
[ 869.890887][T27111] should_fail_ex+0x520/0x650
[ 869.890930][T27111] ? i2c_smbus_try_get_dmabuf+0x5d/0x130
[ 869.890952][T27111] should_failslab+0xc2/0x120
[ 869.890977][T27111] __kmalloc_noprof+0xdc/0x8c0
[ 869.891002][T27111] ? i2c_smbus_try_get_dmabuf+0x5d/0x130
[ 869.891022][T27111] i2c_smbus_try_get_dmabuf+0x5d/0x130
[ 869.891044][T27111] i2c_smbus_xfer_emulated+0x7c2/0x11b0
[ 869.891069][T27111] ? __pfx_i2c_smbus_xfer_emulated+0x10/0x10
[ 869.891092][T27111] ? __lock_acquire+0xb62/0x1be0
[ 869.891119][T27111] ? __lock_acquire+0xb62/0x1be0
[ 869.891150][T27111] ? find_held_lock+0x2b/0x80
[ 869.891210][T27111] __i2c_smbus_xfer+0x703/0xfa0
[ 869.891233][T27111] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 869.891264][T27111] i2c_smbus_xfer+0x203/0x3d0
[ 869.891287][T27111] i2cdev_ioctl_smbus+0x277/0x870
[ 869.891315][T27111] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 869.891338][T27111] ? __might_fault+0x138/0x190
[ 869.891359][T27111] ? perf_trace_mmap_lock+0x570/0x820
[ 869.891385][T27111] i2cdev_ioctl+0x3bc/0x820
[ 869.891401][T27111] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 869.891418][T27111] ? __fget_files+0x1fb/0x3b0
[ 869.891441][T27111] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 869.891458][T27111] __x64_sys_ioctl+0x18f/0x210
[ 869.891477][T27111] do_syscall_64+0xcb/0xfa0
[ 869.891504][T27111] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 869.891522][T27111] RIP: 0033:0x7f2e52db059d
[ 869.891537][T27111] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 869.891553][T27111] RSP: 002b:00007f2e53b8ff98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 869.891608][T27111] RAX: ffffffffffffffda RBX: 00007f2e53025fa0 RCX: 00007f2e52db059d
[ 869.891620][T27111] RDX: 0000200000000000 RSI: 0000000000000720 RDI: 0000000000000003
[ 869.891630][T27111] RBP: 00007f2e53b90010 R08: 0000000000000000 R09: 0000000000000000
[ 869.891640][T27111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 869.891649][T27111] R13: 00007f2e53026038 R14: 00007f2e53025fa0 R15: 00007f2e53b70000
[ 869.891694][T27111] </TASK>
[ 870.139127][ C2] vkms_vblank_simulate: vblank timer overrun
[ 870.174304][T27110] i2c i2c-0: Invalid block write size 137
[ 870.177572][T27114] i2c i2c-0: Invalid block write size 137
[ 870.563355][T27126] i2c i2c-0: Invalid block write size 96
[ 870.865453][T27135] i2c i2c-0: Invalid block write size 137
[ 870.998941][T27141] FAULT_INJECTION: forcing a failure.
[ 870.998941][T27141] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 871.008740][T27141] CPU: 2 UID: 0 PID: 27141 Comm: syz.0.6149 Not tainted 6.18.0 #1 PREEMPT(full)
[ 871.008767][T27141] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 871.008778][T27141] Call Trace:
[ 871.008786][T27141] <TASK>
[ 871.008795][T27141] dump_stack_lvl+0x180/0x1b0
[ 871.008830][T27141] should_fail_ex+0x520/0x650
[ 871.008856][T27141] _copy_to_user+0x32/0xd0
[ 871.008881][T27141] simple_read_from_buffer+0xcb/0x180
[ 871.009011][T27141] proc_fail_nth_read+0x18a/0x240
[ 871.009761][T27141] ? __pfx_proc_fail_nth_read+0x10/0x10
[ 871.009791][T27141] ? rw_verify_area+0xcf/0x6e0
[ 871.009828][T27141] ? __pfx_proc_fail_nth_read+0x10/0x10
[ 871.009848][T27141] vfs_read+0x1e6/0xc70
[ 871.009886][T27141] ? __pfx___mutex_lock+0x10/0x10
[ 871.009906][T27141] ? __pfx_vfs_read+0x10/0x10
[ 871.009927][T27141] ? __fget_files+0x1f1/0x3b0
[ 871.009953][T27141] ? __fget_files+0x1fb/0x3b0
[ 871.009982][T27141] ksys_read+0x121/0x240
[ 871.010003][T27141] ? __pfx_ksys_read+0x10/0x10
[ 871.010031][T27141] do_syscall_64+0xcb/0xfa0
[ 871.010060][T27141] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 871.010078][T27141] RIP: 0033:0x7fd982baef6c
[ 871.013249][T27141] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 09 0e 03 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 4f 0e 03 00 48
[ 871.013265][T27141] RSP: 002b:00007fd983a8df90 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 871.013285][T27141] RAX: ffffffffffffffda RBX: 00007fd982e25fa0 RCX: 00007fd982baef6c
[ 871.013298][T27141] RDX: 000000000000000f RSI: 00007fd983a8e020 RDI: 0000000000000004
[ 871.013309][T27141] RBP: 00007fd983a8e010 R08: 0000000000000000 R09: 0000000000000000
[ 871.013319][T27141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 871.013330][T27141] R13: 00007fd982e26038 R14: 00007fd982e25fa0 R15: 00007fd983a6e000
[ 871.013359][T27141] </TASK>
[ 871.040304][T27140] i2c i2c-0: Invalid block write size 137
[ 871.046772][ C2] vkms_vblank_simulate: vblank timer overrun
[ 871.192391][ C2] vkms_vblank_simulate: vblank timer overrun
[ 871.395798][T27152] i2c i2c-0: Invalid block write size 96
[ 871.665942][ C2] vkms_vblank_simulate: vblank timer overrun
[ 872.106336][ C2] vkms_vblank_simulate: vblank timer overrun
[ 872.308416][ C2] vkms_vblank_simulate: vblank timer overrun
[ 872.583848][T27186] i2c i2c-0: Invalid block write size 96
[ 872.653741][ C2] vkms_vblank_simulate: vblank timer overrun
[ 872.724256][ C2] vkms_vblank_simulate: vblank timer overrun
[ 872.855992][T27193] i2c i2c-0: Invalid block write size 137
[ 872.974730][T27194] i2c i2c-0: Invalid block write size 137
[ 873.096345][ C2] vkms_vblank_simulate: vblank timer overrun
[ 873.245346][T27210] i2c i2c-0: Invalid block write size 137
[ 873.468777][T27216] i2c i2c-0: Invalid block write size 96
[ 873.554923][ C2] vkms_vblank_simulate: vblank timer overrun
[ 873.633314][ C2] vkms_vblank_simulate: vblank timer overrun
[ 873.643369][T27222] i2c i2c-0: Invalid block write size 137
[ 873.708256][ C2] vkms_vblank_simulate: vblank timer overrun
[ 873.737124][T27226] i2c i2c-0: Invalid block write size 137
[ 873.913554][T27233] i2c i2c-0: Invalid block write size 137
[ 874.024704][T27050] warn_alloc: 6 callbacks suppressed
[ 874.024754][T27050] syz.2.6110: vmalloc error: size 3551232, failed to allocated page array size 6936, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 874.054974][ C2] vkms_vblank_simulate: vblank timer overrun
[ 874.062661][T27050] CPU: 2 UID: 0 PID: 27050 Comm: syz.2.6110 Not tainted 6.18.0 #1 PREEMPT(full)
[ 874.062768][T27050] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 874.062780][T27050] Call Trace:
[ 874.062787][T27050] <TASK>
[ 874.062794][T27050] dump_stack_lvl+0x180/0x1b0
[ 874.062826][T27050] warn_alloc+0x211/0x360
[ 874.062867][T27050] ? __pfx_warn_alloc+0x10/0x10
[ 874.062883][T27050] ? rcu_is_watching+0x12/0xc0
[ 874.062947][T27050] ? __pfx_alloc_vmap_area+0x10/0x10
[ 874.062989][T27050] ? __get_vm_area_node+0x10c/0x340
[ 874.063031][T27050] ? drm_property_create_blob.part.0+0x34/0x320
[ 874.063189][T27050] ? __vmalloc_node_noprof+0xac/0xf0
[ 874.063217][T27050] __vmalloc_node_range_noprof+0xfaa/0x13b0
[ 874.063248][T27050] ? alloc_vmap_area+0x55c/0x2860
[ 874.063269][T27050] ? drm_property_create_blob.part.0+0x34/0x320
[ 874.063299][T27050] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 874.063323][T27050] ? __pfx_alloc_vmap_area+0x10/0x10
[ 874.063344][T27050] ? kasan_quarantine_put+0x10d/0x230
[ 874.063364][T27050] ? __get_vm_area_node+0x10c/0x340
[ 874.063392][T27050] ? drm_property_create_blob.part.0+0x34/0x320
[ 874.063415][T27050] __vmalloc_node_noprof+0xac/0xf0
[ 874.063439][T27050] ? drm_property_create_blob.part.0+0x34/0x320
[ 874.063465][T27050] __vmalloc_node_range_noprof+0x40d/0x13b0
[ 874.063497][T27050] ? drm_property_create_blob.part.0+0x34/0x320
[ 874.063526][T27050] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 874.063561][T27050] __kvmalloc_node_noprof+0x41f/0x9d0
[ 874.063598][T27050] ? drm_property_create_blob.part.0+0x34/0x320
[ 874.063624][T27050] ? drm_property_create_blob.part.0+0x34/0x320
[ 874.063652][T27050] ? drm_property_create_blob.part.0+0x34/0x320
[ 874.063687][T27050] drm_property_create_blob.part.0+0x34/0x320
[ 874.063714][T27050] drm_mode_createblob_ioctl+0x139/0x490
[ 874.063741][T27050] drm_ioctl_kernel+0x1ed/0x3e0
[ 874.063768][T27050] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 874.063792][T27050] ? __pfx_drm_ioctl_kernel+0x10/0x10
[ 874.063814][T27050] drm_ioctl+0x574/0xb90
[ 874.063832][T27050] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 874.063857][T27050] ? __pfx_drm_ioctl+0x10/0x10
[ 874.063874][T27050] ? hook_file_ioctl_common+0x146/0x3f0
[ 874.063901][T27050] ? __fget_files+0x1fb/0x3b0
[ 874.063923][T27050] ? __pfx_drm_ioctl+0x10/0x10
[ 874.063939][T27050] __x64_sys_ioctl+0x18f/0x210
[ 874.063957][T27050] do_syscall_64+0xcb/0xfa0
[ 874.063984][T27050] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 874.064001][T27050] RIP: 0033:0x7f1a7f5b059d
[ 874.064017][T27050] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 874.064032][T27050] RSP: 002b:00007f1a7d7f5f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 874.064049][T27050] RAX: ffffffffffffffda RBX: 00007f1a7f825fa0 RCX: 00007f1a7f5b059d
[ 874.065718][T27050] RDX: 0000200000000000 RSI: 00000000c01064bd RDI: 000000000000000a
[ 874.065730][T27050] RBP: 00007f1a7f64e078 R08: 0000000000000000 R09: 0000000000000000
[ 874.065741][T27050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 874.065750][T27050] R13: 00007f1a7f826038 R14: 00007f1a7f825fa0 R15: 00007f1a7d7d6000
[ 874.065772][T27050] </TASK>
[ 874.065779][T27050] Mem-Info:
[ 874.105136][ C2] vkms_vblank_simulate: vblank timer overrun
[ 874.302058][T27247] i2c i2c-0: Invalid block write size 137
[ 874.313025][T27050] active_anon:7031 inactive_anon:0 isolated_anon:0
[ 874.313025][T27050] active_file:4240 inactive_file:53153 isolated_file:0
[ 874.313025][T27050] unevictable:1768 dirty:2589 writeback:0
[ 874.313025][T27050] slab_reclaimable:12918 slab_unreclaimable:65087
[ 874.313025][T27050] mapped:28407 shmem:2800 pagetables:1605
[ 874.313025][T27050] sec_pagetables:0 bounce:0
[ 874.313025][T27050] kernel_misc_reclaimable:0
[ 874.313025][T27050] free:423652 free_pcp:12944 free_cma:0
[ 874.313192][T27050] Node 0 active_anon:11704kB inactive_anon:0kB active_file:11332kB inactive_file:61020kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:70960kB dirty:9140kB writeback:0kB shmem:5296kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5660kB pagetables:3556kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 874.313236][T27050] Node 1 active_anon:16420kB inactive_anon:0kB active_file:5628kB inactive_file:151592kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:42668kB dirty:1216kB writeback:0kB shmem:5904kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6624kB pagetables:2864kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 874.313279][T27050] Node 0 DMA free:15124kB boost:0kB min:452kB low:564kB high:676kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:236kB local_pcp:68kB free_cma:0kB
[ 874.313352][T27050] lowmem_reserve[]: 0 1176 1176 1176 1176
[ 874.313396][T27050] Node 0 DMA32 free:601104kB boost:0kB min:34836kB low:43544kB high:52252kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11704kB inactive_anon:0kB active_file:11332kB inactive_file:61020kB unevictable:3536kB writepending:9140kB zspages:0kB present:2080772kB managed:1204832kB mlocked:0kB bounce:0kB free_pcp:22688kB local_pcp:16356kB free_cma:0kB
[ 874.313451][T27050] lowmem_reserve[]: 0 0 0 0 0
[ 874.313486][T27050] Node 1 DMA32 free:964308kB boost:0kB min:29136kB low:36420kB high:43704kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048444kB managed:982908kB mlocked:0kB bounce:0kB free_pcp:18528kB local_pcp:4732kB free_cma:0kB
[ 874.332929][T27249] i2c i2c-0: Invalid block write size 96
[ 874.338418][T27050] lowmem_reserve[]:
[ 874.506547][T27251] i2c i2c-0: Invalid block write size 137
[ 874.518026][ C2] vkms_vblank_simulate: vblank timer overrun
[ 874.775978][T27260] i2c i2c-0: Invalid block write size 137
[ 979.406907][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 979.423580][ C0] rcu: 2-...!: (10 ticks this GP) idle=4f7c/1/0x4000000000000000 softirq=64211/64211 fqs=13
[ 979.435469][ C0] rcu: (detected by 0, t=10505 jiffies, g=77557, q=966 ncpus=4)
[ 979.449146][ C0] Sending NMI from CPU 0 to CPUs 2:
[ 979.449872][ C2] NMI backtrace for cpu 2
[ 979.450196][ C2] CPU: 2 UID: 0 PID: 27050 Comm: syz.2.6110 Not tainted 6.18.0 #1 PREEMPT(full)
[ 979.450299][ C2] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 979.450410][ C2] RIP: 0010:native_queued_spin_lock_slowpath+0x23e/0x9c0
[ 979.450955][ C2] Code: 02 48 89 e8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 1c 07 00 00 b8 01 00 00 00 66 89 45 00 e9 c2 fe ff ff 89 44 24 40 f3 90 <e9> 5e fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03
[ 979.450975][ C2] RSP: 0018:ffffc90000658b78 EFLAGS: 00000002
[ 979.451046][ C2] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff8b43f32e
[ 979.451058][ C2] RDX: ffffed10044eac6b RSI: 0000000000000004 RDI: ffff888022756350
[ 979.451069][ C2] RBP: ffff888022756350 R08: 0000000000000000 R09: ffffed10044eac6a
[ 979.451080][ C2] R10: ffff888022756353 R11: 0000000000000000 R12: 1ffff920000cb171
[ 979.451091][ C2] R13: 0000000000000003 R14: ffffed10044eac6a R15: ffffc90000658bb8
[ 979.451103][ C2] FS: 00007f1a7d7f6640(0000) GS:ffff8880cf101000(0000) knlGS:0000000000000000
[ 979.451227][ C2] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 979.451258][ C2] CR2: 00007f2e53b8fff0 CR3: 0000000061616000 CR4: 00000000000006f0
[ 979.451287][ C2] Call Trace:
[ 979.451296][ C2] <IRQ>
[ 979.451383][ C2] ? __pfx_native_queued_spin_lock_slowpath+0x10/0x10
[ 979.451451][ C2] ? console_unlock+0x16e/0x1f0
[ 979.451619][ C2] ? __pfx_console_unlock+0x10/0x10
[ 979.451638][ C2] do_raw_spin_lock+0x20d/0x2b0
[ 979.451812][ C2] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 979.451835][ C2] _raw_spin_lock_irqsave+0x45/0x60
[ 979.451876][ C2] ? drm_handle_vblank+0x125/0xc70
[ 979.452028][ C2] drm_handle_vblank+0x125/0xc70
[ 979.452209][ C2] ? do_raw_spin_lock+0x12b/0x2b0
[ 979.452229][ C2] ? __pfx_drm_handle_vblank+0x10/0x10
[ 979.452265][ C2] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 979.452282][ C2] ? kvm_clock_get_cycles+0x3f/0x70
[ 979.452377][ C2] ? ktime_get+0x1c7/0x300
[ 979.452459][ C2] vkms_vblank_simulate+0xa8/0x390
[ 979.452609][ C2] ? __pfx_vkms_vblank_simulate+0x10/0x10
[ 979.452629][ C2] __hrtimer_run_queues+0x1f5/0xb30
[ 979.452650][ C2] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 979.452667][ C2] ? ktime_get_update_offsets_now+0x2ac/0x450
[ 979.452692][ C2] hrtimer_interrupt+0x39a/0x880
[ 979.452713][ C2] __sysvec_apic_timer_interrupt+0x10d/0x400
[ 979.457842][ C2] sysvec_apic_timer_interrupt+0xa3/0xc0
[ 979.457922][ C2] </IRQ>
[ 979.457929][ C2] <TASK>
[ 979.457936][ C2] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 979.457993][ C2] RIP: 0010:console_flush_all+0x905/0xbe0
[ 979.458016][ C2] Code: 24 08 48 8d 68 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 ab 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 ef c7 20 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 1e ff ff ff 4c 89 ef e8 c4 20 87
[ 979.458032][ C2] RSP: 0018:ffffc90002dd7138 EFLAGS: 00000246
[ 979.458076][ C2] RAX: ffffffff8ee702d8 RBX: 0000000000000001 RCX: ffffc90007631000
[ 979.458093][ C2] RDX: 0000000000080000 RSI: ffffffff81999011 RDI: 0000000000000007
[ 979.458104][ C2] RBP: 0000000000000200 R08: 0000000000000001 R09: 0000000000000001
[ 979.458115][ C2] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000000
[ 979.458125][ C2] R13: ffffffff8ee702d8 R14: dffffc0000000000 R15: ffffffff8ee70280
[ 979.458141][ C2] ? console_flush_all+0x901/0xbe0
[ 979.458161][ C2] ? console_flush_all+0x901/0xbe0
[ 979.458180][ C2] ? __pfx_console_flush_all+0x10/0x10
[ 979.458201][ C2] ? is_printk_cpu_sync_owner+0x32/0x40
[ 979.458224][ C2] console_unlock+0xc2/0x1f0
[ 979.458256][ C2] ? __pfx_console_unlock+0x10/0x10
[ 979.458275][ C2] ? vprintk_emit+0x553/0x670
[ 979.458296][ C2] vprintk_emit+0x3e7/0x670
[ 979.458312][ C2] ? __pfx_vprintk_emit+0x10/0x10
[ 979.458334][ C2] _printk+0xbe/0xf0
[ 979.458373][ C2] ? __pfx__printk+0x10/0x10
[ 979.458396][ C2] ? show_free_areas+0x120a/0x2140
[ 979.458510][ C2] ? vprintk_emit+0x1dd/0x670
[ 979.458531][ C2] show_free_areas+0x121d/0x2140
[ 979.458637][ C2] ? __pfx_show_free_areas+0x10/0x10
[ 979.458657][ C2] ? _printk+0xbe/0xf0
[ 979.458680][ C2] ? __pfx__printk+0x10/0x10
[ 979.458703][ C2] ? __show_mem+0x1b/0x150
[ 979.458717][ C2] __show_mem+0x34/0x150
[ 979.458784][ C2] warn_alloc+0x278/0x360
[ 979.458857][ C2] ? __pfx_warn_alloc+0x10/0x10
[ 979.458873][ C2] ? rcu_is_watching+0x12/0xc0
[ 979.458926][ C2] ? __pfx_alloc_vmap_area+0x10/0x10
[ 979.458971][ C2] ? __get_vm_area_node+0x10c/0x340
[ 979.458998][ C2] ? drm_property_create_blob.part.0+0x34/0x320
[ 979.459038][ C2] ? __vmalloc_node_noprof+0xac/0xf0
[ 979.459066][ C2] __vmalloc_node_range_noprof+0xfaa/0x13b0
[ 979.459117][ C2] ? alloc_vmap_area+0x55c/0x2860
[ 979.459140][ C2] ? drm_property_create_blob.part.0+0x34/0x320
[ 979.459168][ C2] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 979.459193][ C2] ? __pfx_alloc_vmap_area+0x10/0x10
[ 979.459216][ C2] ? kasan_quarantine_put+0x10d/0x230
[ 979.459299][ C2] ? __get_vm_area_node+0x10c/0x340
[ 979.459324][ C2] ? drm_property_create_blob.part.0+0x34/0x320
[ 979.459348][ C2] __vmalloc_node_noprof+0xac/0xf0
[ 979.459372][ C2] ? drm_property_create_blob.part.0+0x34/0x320
[ 979.459397][ C2] __vmalloc_node_range_noprof+0x40d/0x13b0
[ 979.459427][ C2] ? drm_property_create_blob.part.0+0x34/0x320
[ 979.459455][ C2] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 979.459487][ C2] __kvmalloc_node_noprof+0x41f/0x9d0
[ 979.459523][ C2] ? drm_property_create_blob.part.0+0x34/0x320
[ 979.459550][ C2] ? drm_property_create_blob.part.0+0x34/0x320
[ 979.459577][ C2] ? drm_property_create_blob.part.0+0x34/0x320
[ 979.459602][ C2] drm_property_create_blob.part.0+0x34/0x320
[ 979.459688][ C2] drm_mode_createblob_ioctl+0x139/0x490
[ 979.459717][ C2] drm_ioctl_kernel+0x1ed/0x3e0
[ 979.459785][ C2] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 979.459813][ C2] ? __pfx_drm_ioctl_kernel+0x10/0x10
[ 979.459831][ C2] drm_ioctl+0x574/0xb90
[ 979.459848][ C2] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10
[ 979.459872][ C2] ? __pfx_drm_ioctl+0x10/0x10
[ 979.459888][ C2] ? hook_file_ioctl_common+0x146/0x3f0
[ 979.460025][ C2] ? __fget_files+0x1fb/0x3b0
[ 979.460076][ C2] ? __pfx_drm_ioctl+0x10/0x10
[ 979.460092][ C2] __x64_sys_ioctl+0x18f/0x210
[ 979.460171][ C2] do_syscall_64+0xcb/0xfa0
[ 979.460230][ C2] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 979.460317][ C2] RIP: 0033:0x7f1a7f5b059d
[ 979.460492][ C2] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 979.460507][ C2] RSP: 002b:00007f1a7d7f5f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 979.460523][ C2] RAX: ffffffffffffffda RBX: 00007f1a7f825fa0 RCX: 00007f1a7f5b059d
[ 979.460534][ C2] RDX: 0000200000000000 RSI: 00000000c01064bd RDI: 000000000000000a
[ 979.460543][ C2] RBP: 00007f1a7f64e078 R08: 0000000000000000 R09: 0000000000000000
[ 979.460552][ C2] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 979.460561][ C2] R13: 00007f1a7f826038 R14: 00007f1a7f825fa0 R15: 00007f1a7d7d6000
[ 979.460577][ C2] </TASK>
[ 979.460847][ C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 10449 jiffies! g77557 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[ 980.236974][ C0] rcu: Possible timer handling issue on cpu=1 timer-softirq=43340
[ 980.240788][ C0] rcu: rcu_preempt kthread starved for 10450 jiffies! g77557 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
[ 980.245829][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 980.252536][ C0] rcu: RCU grace-period kthread stack dump:
[ 980.256021][ C0] task:rcu_preempt state:I stack:28424 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000
[ 980.263855][ C0] Call Trace:
[ 980.265971][ C0] <TASK>
[ 980.268522][ C0] __schedule+0x1044/0x5bb0
[ 980.271357][ C0] ? __lock_acquire+0x636/0x1be0
[ 980.273954][ C0] ? __pfx___schedule+0x10/0x10
[ 980.277151][ C0] ? schedule+0x2d6/0x3a0
[ 980.279708][ C0] schedule+0xe7/0x3a0
[ 980.282198][ C0] schedule_timeout+0x113/0x280
[ 980.285094][ C0] ? __pfx_schedule_timeout+0x10/0x10
[ 980.288307][ C0] ? __pfx_process_timeout+0x10/0x10
[ 980.291599][ C0] ? ceph_sock_data_ready+0xd0/0x390
[ 980.298135][ C0] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 980.306016][ C0] ? prepare_to_swait_event+0xf6/0x490
[ 980.313062][ C0] rcu_gp_fqs_loop+0x18c/0xa00
[ 980.316396][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 980.323031][ C0] ? rcu_gp_cleanup+0x7d4/0xd70
[ 980.325575][ C0] rcu_gp_kthread+0x26f/0x370
[ 980.332537][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10
[ 980.338988][ C0] ? __kthread_parkme+0x1b1/0x250
[ 980.341870][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10
[ 980.347979][ C0] kthread+0x3d0/0x780
[ 980.354149][ C0] ? __pfx_kthread+0x10/0x10
[ 980.356766][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 980.363215][ C0] ? __pfx_kthread+0x10/0x10
[ 980.365669][ C0] ret_from_fork+0x676/0x7d0
[ 980.372704][ C0] ? __pfx_kthread+0x10/0x10
[ 980.379327][ C0] ret_from_fork_asm+0x1a/0x30
[ 980.386100][ C0] </TASK>
[ 980.388015][ C0] rcu: Stack dump where RCU GP kthread last ran:
[ 980.395112][ C0] Sending NMI from CPU 0 to CPUs 1:
[ 980.399749][ C1] NMI backtrace for cpu 1
[ 980.399831][ C1] CPU: 1 UID: 0 PID: 27261 Comm: syz.1.6200 Not tainted 6.18.0 #1 PREEMPT(full)
[ 980.399851][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 980.399876][ C1] RIP: 0010:native_queued_spin_lock_slowpath+0x23e/0x9c0
[ 980.399936][ C1] Code: 02 48 89 e8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 1c 07 00 00 b8 01 00 00 00 66 89 45 00 e9 c2 fe ff ff 89 44 24 40 f3 90 <e9> 5e fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03
[ 980.399951][ C1] RSP: 0018:ffffc90002d97b48 EFLAGS: 00000002
[ 980.399963][ C1] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff8b43f32e
[ 980.399973][ C1] RDX: ffffed10044eac6b RSI: 0000000000000004 RDI: ffff888022756350
[ 980.399982][ C1] RBP: ffff888022756350 R08: 0000000000000000 R09: ffffed10044eac6a
[ 980.399991][ C1] R10: ffff888022756353 R11: 0000000000000000 R12: 1ffff920005b2f6b
[ 980.400001][ C1] R13: 0000000000000003 R14: ffffed10044eac6a R15: ffffc90002d97b88
[ 980.400023][ C1] FS: 000055557fb21500(0000) GS:ffff8881a2601000(0000) knlGS:0000000000000000
[ 980.400073][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 980.400090][ C1] CR2: 00007f4e64fa3fc8 CR3: 0000000131d68000 CR4: 00000000000006f0
[ 980.400118][ C1] Call Trace:
[ 980.400126][ C1] <TASK>
[ 980.400134][ C1] ? __pfx_native_queued_spin_lock_slowpath+0x10/0x10
[ 980.400176][ C1] do_raw_spin_lock+0x20d/0x2b0
[ 980.400193][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 980.400209][ C1] _raw_spin_lock_irqsave+0x45/0x60
[ 980.400227][ C1] ? drm_file_free.part.0+0x2fd/0xcf0
[ 980.400330][ C1] drm_file_free.part.0+0x2fd/0xcf0
[ 980.400382][ C1] drm_close_helper.isra.0+0x183/0x1f0
[ 980.400400][ C1] drm_release+0x1ab/0x360
[ 980.400415][ C1] ? __pfx_drm_release+0x10/0x10
[ 980.400442][ C1] __fput+0x402/0xb50
[ 980.400527][ C1] task_work_run+0x16b/0x260
[ 980.400567][ C1] ? __pfx_task_work_run+0x10/0x10
[ 980.400585][ C1] exit_to_user_mode_loop+0xf9/0x130
[ 980.400631][ C1] do_syscall_64+0x424/0xfa0
[ 980.400657][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 980.400674][ C1] RIP: 0033:0x7f4e641b059d
[ 980.402827][ C1] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 980.402844][ C1] RSP: 002b:00007fff56b8c5b8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 980.402877][ C1] RAX: 0000000000000000 RBX: 00007f4e64427da0 RCX: 00007f4e641b059d
[ 980.402886][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 980.402895][ C1] RBP: 00007fff56b8c658 R08: 0000001b33b205bc R09: 0000000000000000
[ 980.402905][ C1] R10: 0000001b33f20000 R11: 0000000000000246 R12: ffffffffffffffff
[ 980.402915][ C1] R13: 00007f4e6442609c R14: 00007f4e64427da0 R15: 00007fff56b8c680
[ 980.402932][ C1] </TASK>
Best regards, Zhi Wang
> -----Original Message-----
> From: "Petr Mladek" <pmladek@suse.com>
> Sent: 2026-01-05 23:48:25 (Monday)
> To: 王志 <23009200614@stu.xidian.edu.cn>
> Cc: rodrigosiqueiramelo@gmail.com, daniel@ffwll.ch, senozhatsky@chromium.org, paulmck@kernel.org, "Maarten Lankhorst" <maarten.lankhorst@linux.intel.com>, "Maxime Ripard" <mripard@kernel.org>, "Thomas Zimmermann" <tzimmermann@suse.de>, "David Airlie" <airlied@gmail.com>, "Simona Vetter" <simona@ffwll.ch>, dri-devel@lists.freedesktop.org
> Subject: Re: [BUG] RCU stall in vkms_vblank_simulate due to lock contention during warn_alloc (6.18.0)
>
> Adding some DRM people into Cc.
>
> On Sun 2026-01-04 11:51:35, 王志 wrote:
> > Dear Developers,
> >
> > I am reporting an RCU CPU stall detected by Syzkaller on Linux 6.18.0. The issue involves a deadlock-like scenario in the VKMS driver when memory allocation warnings occur.
> >
> > Analysis: CPU 2 is executing a DRM ioctl and enters warn_alloc, which invokes printk. While flushing the console, an hrtimer interrupt fires and runs vkms_vblank_simulate.
> >
> > The interrupt handler stalls at drm_handle_vblank trying to acquire a spinlock, which appears to be held by CPU 1 (running drm_file_free). Since this happens in hard IRQ context, CPU 2 spins indefinitely, leading to the RCU stall.
>
> If it spins indefinitely then it looks like a deadlock.
>
> But it seems that both CPU1 and CPU2 are waiting for the (same?)
> lock, see below.
>
> > Stack Trace Highlights:
> >
> > RIP: native_queued_spin_lock_slowpath
> > <IRQ>
> > drm_handle_vblank+0x125/0xc70
> > vkms_vblank_simulate+0xa8/0x390
> > hrtimer_interrupt
> > <TASK>
> > console_flush_all
> > warn_alloc
> > __kvmalloc_node_noprof
> > drm_property_create_blob
> > drm_ioctl
> > Environment:
> >
> > Kernel: 6.18.0 #1 PREEMPT(full)
> >
> > Config: KASAN enabled
> >
> > Hardware: QEMU (i440FX)
> >
> > It seems like the combination of PREEMPT(full) and the long duration of warn_alloc's printk cycle makes the system vulnerable to this interrupt-level contention.
> >
> > rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> > rcu: 2-...!: (10 ticks this GP) idle=4f7c/1/0x4000000000000000 softirq=64211/64211 fqs=13
> > rcu: (detected by 0, t=10505 jiffies, g=77557, q=966 ncpus=4)
> > Sending NMI from CPU 0 to CPUs 2:
> > NMI backtrace for cpu 2
> > CPU: 2 UID: 0 PID: 27050 Comm: syz.2.6110 Not tainted 6.18.0 #1 PREEMPT(full)
> > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
> > RIP: 0010:native_queued_spin_lock_slowpath+0x23e/0x9c0
>
> This is spin_lock_slowpath on CPU2 => CPU2 is spinning and waiting for
> a lock.
>
> > Code: 02 48 89 e8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 1c 07 00 00 b8 01 00 00 00 66 89 45 00 e9 c2 fe ff ff 89 44 24 40 f3 90 <e9> 5e fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03
> > RSP: 0018:ffffc90000658b78 EFLAGS: 00000002
> > RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff8b43f32e
> > RDX: ffffed10044eac6b RSI: 0000000000000004 RDI: ffff888022756350
> > RBP: ffff888022756350 R08: 0000000000000000 R09: ffffed10044eac6a
> > R10: ffff888022756353 R11: 0000000000000000 R12: 1ffff920000cb171
> > R13: 0000000000000003 R14: ffffed10044eac6a R15: ffffc90000658bb8
> > FS: 00007f1a7d7f6640(0000) GS:ffff8880cf101000(0000) knlGS:0000000000000000
> > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 00007f2e53b8fff0 CR3: 0000000061616000 CR4: 00000000000006f0
> > Call Trace:
> > <IRQ>
> > debug_spin_lock_before home/wmy/Fuzzer/third_tool/linux-6.18/kernel/locking/spinlock_debug.c:87 [inline]
> > do_raw_spin_lock+0x20d/0x2b0 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/locking/spinlock_debug.c:115
> > __raw_spin_lock_irqsave home/wmy/Fuzzer/third_tool/linux-6.18/include/linux/spinlock_api_smp.h:110 [inline]
> > _raw_spin_lock_irqsave+0x45/0x60 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/locking/spinlock.c:162
> > drm_handle_vblank+0x125/0xc70
> > vkms_vblank_simulate+0xa8/0x390
> > __run_hrtimer home/wmy/Fuzzer/third_tool/linux-6.18/kernel/time/hrtimer.c:1779 [inline]
> > __hrtimer_run_queues+0x1f5/0xb30 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/time/hrtimer.c:1841
> > hrtimer_interrupt+0x39a/0x880 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/time/hrtimer.c:1912
> > instrument_atomic_read home/wmy/Fuzzer/third_tool/linux-6.18/include/linux/instrumented.h:68 [inline]
> > _test_bit home/wmy/Fuzzer/third_tool/linux-6.18/include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
> > cpumask_test_cpu home/wmy/Fuzzer/third_tool/linux-6.18/include/linux/cpumask.h:646 [inline]
> > cpu_online home/wmy/Fuzzer/third_tool/linux-6.18/include/linux/cpumask.h:1205 [inline]
> > __do_trace_local_timer_exit home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/include/asm/trace/irq_vectors.h:40 [inline]
> > trace_local_timer_exit home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/include/asm/trace/irq_vectors.h:40 [inline]
> > __sysvec_apic_timer_interrupt+0x10d/0x400 home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/kernel/apic/apic.c:1059
> > sysvec_apic_timer_interrupt+0xa3/0xc0 home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/kernel/apic/apic.c:2145
> > </IRQ>
> > <TASK>
> > asm_sysvec_apic_timer_interrupt+0x1a/0x20 home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/include/asm/idtentry.h:697
> > RIP: 0010:srcu_read_unlock_nmisafe home/wmy/Fuzzer/third_tool/linux-6.18/include/linux/srcu.h:449 [inline]
> > RIP: 0010:console_srcu_read_unlock home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:303 [inline]
> > RIP: 0010:console_flush_all+0x905/0xbe0 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:3225
> > Code: 24 08 48 8d 68 01 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 0f 85 ab 02 00 00 49 89 6f 58 e9 3a ff ff ff e8 ef c7 20 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 30 00 0f 84 1e ff ff ff 4c 89 ef e8 c4 20 87
> > RSP: 0018:ffffc90002dd7138 EFLAGS: 00000246
> > RAX: ffffffff8ee702d8 RBX: 0000000000000001 RCX: ffffc90007631000
> > RDX: 0000000000080000 RSI: ffffffff81999011 RDI: 0000000000000007
> > RBP: 0000000000000200 R08: 0000000000000001 R09: 0000000000000001
> > R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000000
> > R13: ffffffff8ee702d8 R14: dffffc0000000000 R15: ffffffff8ee70280
> > __console_flush_and_unlock home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:3258 [inline]
> > console_unlock+0xc2/0x1f0 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:3298
> > console_trylock home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:2843 [inline]
> > console_trylock home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:2836 [inline]
> > console_trylock_spinning home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:1982 [inline]
> > vprintk_emit+0x3e7/0x670 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:2422
> > _printk+0xbe/0xf0 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/printk/printk.c:2447
> > show_free_areas+0x121d/0x2140 home/wmy/Fuzzer/third_tool/linux-6.18/mm/show_mem.c:299
> > __show_mem+0x34/0x150 home/wmy/Fuzzer/third_tool/linux-6.18/mm/show_mem.c:408
> > warn_alloc_show_mem home/wmy/Fuzzer/third_tool/linux-6.18/mm/page_alloc.c:3938 [inline]
> > warn_alloc+0x278/0x360 home/wmy/Fuzzer/third_tool/linux-6.18/mm/page_alloc.c:3963
> > free_vm_area home/wmy/Fuzzer/third_tool/linux-6.18/mm/vmalloc.c:4619 [inline]
> > __vmalloc_area_node home/wmy/Fuzzer/third_tool/linux-6.18/mm/vmalloc.c:3709 [inline]
> > __vmalloc_node_range_noprof+0xfaa/0x13b0 home/wmy/Fuzzer/third_tool/linux-6.18/mm/vmalloc.c:3897
> > __vmalloc_node_noprof+0xac/0xf0 home/wmy/Fuzzer/third_tool/linux-6.18/mm/vmalloc.c:3960
> > set_vm_area_page_order home/wmy/Fuzzer/third_tool/linux-6.18/mm/vmalloc.c:3089 [inline]
> > __vmalloc_area_node home/wmy/Fuzzer/third_tool/linux-6.18/mm/vmalloc.c:3713 [inline]
> > __vmalloc_node_range_noprof+0x40d/0x13b0 home/wmy/Fuzzer/third_tool/linux-6.18/mm/vmalloc.c:3897
> > slab_want_init_on_free home/wmy/Fuzzer/third_tool/linux-6.18/mm/slab.h:644 [inline]
> > slab_want_init_on_free home/wmy/Fuzzer/third_tool/linux-6.18/mm/slab.h:640 [inline]
> > maybe_wipe_obj_freeptr home/wmy/Fuzzer/third_tool/linux-6.18/mm/slub.c:4918 [inline]
> > slab_alloc_node home/wmy/Fuzzer/third_tool/linux-6.18/mm/slub.c:5278 [inline]
> > __do_kmalloc_node home/wmy/Fuzzer/third_tool/linux-6.18/mm/slub.c:5649 [inline]
> > __kvmalloc_node_noprof+0x41f/0x9d0 home/wmy/Fuzzer/third_tool/linux-6.18/mm/slub.c:7112
> > drm_property_create_blob.part.0+0x34/0x320
> > drm_mode_createblob_ioctl+0x139/0x490
> > drm_ioctl_kernel+0x1ed/0x3e0
> > drm_ioctl+0x574/0xb90
> > vfs_ioctl home/wmy/Fuzzer/third_tool/linux-6.18/fs/ioctl.c:51 [inline]
> > __do_sys_ioctl home/wmy/Fuzzer/third_tool/linux-6.18/fs/ioctl.c:597 [inline]
> > __se_sys_ioctl home/wmy/Fuzzer/third_tool/linux-6.18/fs/ioctl.c:583 [inline]
> > __x64_sys_ioctl+0x18f/0x210 home/wmy/Fuzzer/third_tool/linux-6.18/fs/ioctl.c:583
> > do_syscall_64+0xcb/0xfa0 home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/entry/syscall_64.c:99
> > entry_SYSCALL_64_after_hwframe+0x77/0x7f
> > RIP: 0033:0x7f1a7f5b059d
> > Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
> > RSP: 002b:00007f1a7d7f5f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> > RAX: ffffffffffffffda RBX: 00007f1a7f825fa0 RCX: 00007f1a7f5b059d
> > RDX: 0000200000000000 RSI: 00000000c01064bd RDI: 000000000000000a
> > RBP: 00007f1a7f64e078 R08: 0000000000000000 R09: 0000000000000000
> > R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
> > R13: 00007f1a7f826038 R14: 00007f1a7f825fa0 R15: 00007f1a7d7d6000
> > </TASK>
> > rcu: rcu_preempt kthread timer wakeup didn't happen for 10449 jiffies! g77557 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
> > rcu: Possible timer handling issue on cpu=1 timer-softirq=43340
> > rcu: rcu_preempt kthread starved for 10450 jiffies! g77557 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
> > rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
> > rcu: RCU grace-period kthread stack dump:
> > task:rcu_preempt state:I stack:28424 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000
> > Call Trace:
> > <TASK>
> > sched_info_arrive home/wmy/Fuzzer/third_tool/linux-6.18/kernel/sched/stats.h:267 [inline]
> > sched_info_switch home/wmy/Fuzzer/third_tool/linux-6.18/kernel/sched/stats.h:330 [inline]
> > prepare_task_switch home/wmy/Fuzzer/third_tool/linux-6.18/kernel/sched/core.c:5122 [inline]
> > context_switch home/wmy/Fuzzer/third_tool/linux-6.18/kernel/sched/core.c:5272 [inline]
> > __schedule+0x1044/0x5bb0 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/sched/core.c:6929
> > __schedule_loop home/wmy/Fuzzer/third_tool/linux-6.18/kernel/sched/core.c:7011 [inline]
> > schedule+0xe7/0x3a0 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/sched/core.c:7026
> > schedule_timeout+0x113/0x280 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/time/sleep_timeout.c:98
> > rcu_gp_fqs_check_wake home/wmy/Fuzzer/third_tool/linux-6.18/kernel/rcu/tree.c:2007 [inline]
> > rcu_gp_fqs_loop+0x18c/0xa00 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/rcu/tree.c:2083
> > rcu_gp_kthread+0x26f/0x370 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/rcu/tree.c:2280
> > kthread+0x3d0/0x780 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/kthread.c:463
> > ret_from_fork+0x676/0x7d0 home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/kernel/process.c:195
> > ret_from_fork_asm+0x1a/0x30 home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/entry/entry_64.S:245
> > </TASK>
> > rcu: Stack dump where RCU GP kthread last ran:
> > Sending NMI from CPU 0 to CPUs 1:
> > NMI backtrace for cpu 1
> > CPU: 1 UID: 0 PID: 27261 Comm: syz.1.6200 Not tainted 6.18.0 #1 PREEMPT(full)
> > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
> > RIP: 0010:native_queued_spin_lock_slowpath+0x23e/0x9c0
>
> This is spin_lock_slowpath on CPU1 => Also CPU1 seems to be spinning and
> waiting for a lock.
>
> On CPU2, in IRQ context, it seems that drm_handle_vblank() tries to take:
>
> + dev->event_lock
> + dev->vblank_time_lock
>
> On CPU1, in TASK context, it seems that drm_file_free() in
> drm_events_release() tries to take:
>
> + dev->event_lock
>
> So, I guess that that contention/deadlock is on dev->event_lock.
> But who owns the lock, please? It is not obvious to me.
>
> On CPU2, in TASK context, drm_property_create_blob() seems to take
> a mutex. So, it should not be holding any spin lock.
>
> What is going on on CPU0?
> Could you please provide a (more) complete kernel log?
>
> And if there is a deadlock scenario then it might get reported
> by lockdep. Could you please try to enable CONFIG_PROVE_LOCKING?
>
> > Code: 02 48 89 e8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 1c 07 00 00 b8 01 00 00 00 66 89 45 00 e9 c2 fe ff ff 89 44 24 40 f3 90 <e9> 5e fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03
> > RSP: 0018:ffffc90002d97b48 EFLAGS: 00000002
> > RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff8b43f32e
> > RDX: ffffed10044eac6b RSI: 0000000000000004 RDI: ffff888022756350
> > RBP: ffff888022756350 R08: 0000000000000000 R09: ffffed10044eac6a
> > R10: ffff888022756353 R11: 0000000000000000 R12: 1ffff920005b2f6b
> > R13: 0000000000000003 R14: ffffed10044eac6a R15: ffffc90002d97b88
> > FS: 000055557fb21500(0000) GS:ffff8881a2601000(0000) knlGS:0000000000000000
> > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 00007f4e64fa3fc8 CR3: 0000000131d68000 CR4: 00000000000006f0
> > Call Trace:
> > <TASK>
> > debug_spin_lock_before home/wmy/Fuzzer/third_tool/linux-6.18/kernel/locking/spinlock_debug.c:87 [inline]
> > do_raw_spin_lock+0x20d/0x2b0 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/locking/spinlock_debug.c:115
> > __raw_spin_lock_irqsave home/wmy/Fuzzer/third_tool/linux-6.18/include/linux/spinlock_api_smp.h:110 [inline]
> > _raw_spin_lock_irqsave+0x45/0x60 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/locking/spinlock.c:162
> > drm_file_free.part.0+0x2fd/0xcf0
> > drm_close_helper.isra.0+0x183/0x1f0
> > drm_release+0x1ab/0x360
> > __fput+0x402/0xb50 home/wmy/Fuzzer/third_tool/linux-6.18/fs/file_table.c:468
> > task_work_run+0x16b/0x260 home/wmy/Fuzzer/third_tool/linux-6.18/kernel/task_work.c:227
> > exit_to_user_mode_loop+0xf9/0x130
> > do_syscall_64+0x424/0xfa0 home/wmy/Fuzzer/third_tool/linux-6.18/arch/x86/entry/syscall_32.c:308
> > entry_SYSCALL_64_after_hwframe+0x77/0x7f
> > RIP: 0033:0x7f4e641b059d
> > Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
> > RSP: 002b:00007fff56b8c5b8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
> > RAX: 0000000000000000 RBX: 00007f4e64427da0 RCX: 00007f4e641b059d
> > RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
> > RBP: 00007fff56b8c658 R08: 0000001b33b205bc R09: 0000000000000000
> > R10: 0000001b33f20000 R11: 0000000000000246 R12: ffffffffffffffff
> > R13: 00007f4e6442609c R14: 00007f4e64427da0 R15: 00007fff56b8c680
> > </TASK>
>
> Best Regards,
> Petr
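The reply above asks whether CPU1 and CPU2 are waiting for the same lock. As an added example (not part of either message, and not kernel or syzkaller tooling), the script below groups NMI backtraces that sit in `native_queued_spin_lock_slowpath` by their RDI value. The function names are hypothetical, and treating RDI as the lock pointer is an assumption: it is the first-argument register on x86-64 and may have been reused by the time the NMI arrived.

```python
import re
from collections import defaultdict

# Lines excerpted from the log in this thread (trimmed to what the parser reads).
SAMPLE_LOG = """\
[ 979.449872][ C2] NMI backtrace for cpu 2
[ 979.450410][ C2] RIP: 0010:native_queued_spin_lock_slowpath+0x23e/0x9c0
[ 979.451058][ C2] RDX: ffffed10044eac6b RSI: 0000000000000004 RDI: ffff888022756350
[ 979.451296][ C2] <IRQ>
[ 979.451638][ C2] do_raw_spin_lock+0x20d/0x2b0
[ 979.451835][ C2] _raw_spin_lock_irqsave+0x45/0x60
[ 979.451876][ C2] ? drm_handle_vblank+0x125/0xc70
[ 979.452028][ C2] drm_handle_vblank+0x125/0xc70
[ 979.452459][ C2] vkms_vblank_simulate+0xa8/0x390
[ 979.457922][ C2] </IRQ>
[ 979.457929][ C2] <TASK>
[ 979.457993][ C2] RIP: 0010:console_flush_all+0x905/0xbe0
[ 979.458093][ C2] RDX: 0000000000080000 RSI: ffffffff81999011 RDI: 0000000000000007
[ 979.460577][ C2] </TASK>
[ 980.282198][ C0] schedule_timeout+0x113/0x280
[ 980.399749][ C1] NMI backtrace for cpu 1
[ 980.399876][ C1] RIP: 0010:native_queued_spin_lock_slowpath+0x23e/0x9c0
[ 980.399973][ C1] RDX: ffffed10044eac6b RSI: 0000000000000004 RDI: ffff888022756350
[ 980.400126][ C1] <TASK>
[ 980.400176][ C1] do_raw_spin_lock+0x20d/0x2b0
[ 980.400209][ C1] _raw_spin_lock_irqsave+0x45/0x60
[ 980.400227][ C1] ? drm_file_free.part.0+0x2fd/0xcf0
[ 980.400330][ C1] drm_file_free.part.0+0x2fd/0xcf0
[ 980.402932][ C1] </TASK>
"""

# Optional mail quote markers, then the optional "[time][ Cn]" printk prefix.
PREFIX = re.compile(r"^(?:>\s*)*(?:\[\s*\d+\.\d+\]\[\s*([CT]\d+)\]\s*)?")
NMI = re.compile(r"^NMI backtrace for cpu (\d+)")
RIP = re.compile(r"^RIP: 0010:([\w.]+)\+0x")          # kernel-mode RIP with a symbol
RDI = re.compile(r"\bRDI: ([0-9a-f]{16})")
FRAME = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
SPIN_SLOWPATH = "native_queued_spin_lock_slowpath"
LOCK_PRIMITIVES = {SPIN_SLOWPATH, "do_raw_spin_lock", "_raw_spin_lock",
                   "_raw_spin_lock_irq", "_raw_spin_lock_irqsave", "_raw_spin_lock_bh"}


def parse_nmi_backtraces(log):
    """Return one record per 'NMI backtrace for cpu N' block."""
    records, cur = [], None
    for raw in log.splitlines():
        pm = PREFIX.match(raw)
        tag, line = pm.group(1), raw[pm.end():].strip()
        m = NMI.match(line)
        if m:
            cur = {"cpu": int(m.group(1)), "rip": None, "rdi": None,
                   "ctx": None, "caller": None, "interrupted": None}
            records.append(cur)
            continue
        # Skip lines before the first block and lines printed by other CPUs.
        if cur is None or (tag and tag != f"C{cur['cpu']}"):
            continue
        m = RIP.match(line)
        if m:
            if cur["rip"] is None:
                cur["rip"] = m.group(1)            # where the NMI hit
            elif cur["interrupted"] is None:
                cur["interrupted"] = m.group(1)    # task code the IRQ interrupted
            continue
        if cur["rdi"] is None and (m := RDI.search(line)):
            cur["rdi"] = m.group(1)                # assumption: still the lock pointer
        elif cur["ctx"] is None and line in ("<IRQ>", "<TASK>"):
            cur["ctx"] = line.strip("<>")
        elif cur["caller"] is None and (m := FRAME.match(line)):
            # First reliable frame (no "? ") that is not a lock primitive.
            if not m.group(1) and m.group(2) not in LOCK_PRIMITIVES:
                cur["caller"] = m.group(2)
    return records


def waiters_by_lock(records):
    """Map candidate lock address -> [(cpu, context, caller, interrupted)]."""
    groups = defaultdict(list)
    for r in records:
        if r["rip"] == SPIN_SLOWPATH and r["rdi"]:
            groups[r["rdi"]].append((r["cpu"], r["ctx"], r["caller"], r["interrupted"]))
    return dict(groups)


if __name__ == "__main__":
    for lock, waiters in waiters_by_lock(parse_nmi_backtraces(SAMPLE_LOG)).items():
        print(f"lock candidate {lock}:")
        for cpu, ctx, caller, interrupted in waiters:
            extra = f", interrupted {interrupted}" if interrupted else ""
            print(f"  CPU{cpu} spinning in {ctx} context via {caller}{extra}")
```

Both records land under one address, so the backtraces list two waiters and no holder. For a waiter in IRQ context the interrupted task frame is reported as well, since that is the other place on the same CPU where a lock could already be held.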