program: r0 = syz_open_dev$dri(&(0x7f0000000280), 0x2, 0x0) r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000002c0)={0x0, 0x0, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r3, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={r4, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000800)={0x0, 0x0, r5}) (fail_nth: 10) [ 85.707085][ T5314] Bluetooth: hci0: command tx timeout [ 85.838186][ T5341] FAULT_INJECTION: forcing a failure. [ 85.838186][ T5341] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 85.845917][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.845930][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.845935][ T5341] Call Trace: [ 85.845939][ T5341] [ 85.845945][ T5341] dump_stack_lvl+0x189/0x250 [ 85.846064][ T5341] ? __pfx____ratelimit+0x10/0x10 [ 85.846113][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.846125][ T5341] ? __pfx__printk+0x10/0x10 [ 85.846145][ T5341] ? _pt_iter_first+0x34b/0x5d0 [ 85.846195][ T5341] should_fail_ex+0x414/0x560 [ 85.846214][ T5341] prepare_alloc_pages+0x22b/0x650 [ 85.846231][ T5341] __alloc_frozen_pages_noprof+0x123/0x370 [ 85.846245][ T5341] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 85.846265][ T5341] ? __pfx___map_range_leaf+0x10/0x10 [ 85.846275][ T5341] __folio_alloc_noprof+0x18/0x120 [ 85.846286][ T5341] iommu_alloc_pages_node_sz+0x152/0x320 [ 85.846300][ T5341] ? __pfx_iommu_alloc_pages_node_sz+0x10/0x10 [ 85.846314][ T5341] ? clflush_cache_range+0x70/0xa0 [ 85.846325][ T5341] ? _pt_iter_first+0x3c8/0x5d0 [ 85.846343][ T5341] __map_range+0x1f2/0xa80 [ 85.846367][ T5341] ? __pfx___map_range+0x10/0x10 [ 85.846378][ T5341] ? __lock_acquire+0x6b6/0x2cf0 [ 85.846387][ T5341] ? _pt_iter_first+0x3c8/0x5d0 [ 85.846403][ T5341] __map_range+0x511/0xa80 [ 85.846425][ T5341] ? __pfx___map_range+0x10/0x10 [ 85.846441][ T5341] ? _pt_iter_first+0x2ed/0x5d0 [ 85.846458][ T5341] __map_range+0x511/0xa80 [ 85.846482][ T5341] ? __pfx___map_range+0x10/0x10 [ 85.846495][ T5341] ? check_path+0x21/0x40 [ 85.846507][ T5341] ? check_noncircular+0xda/0x150 [ 85.846519][ T5341] ? do_map+0x2ce/0xab0 [ 85.846537][ T5341] pt_iommu_vtdss_map_pages+0x6a3/0x960 [ 85.846560][ T5341] ? __pfx_pt_iommu_vtdss_map_pages+0x10/0x10 [ 85.846582][ T5341] ? do_raw_spin_lock+0x121/0x290 [ 85.846593][ T5341] ? __lock_acquire+0x6b6/0x2cf0 [ 85.846600][ T5341] ? iommu_pgsize+0x22d/0x350 [ 85.846609][ T5341] iommu_map_nosync+0x30a/0x840 [ 85.846620][ T5341] ? __pfx_iommu_map_nosync+0x10/0x10 [ 85.846629][ T5341] ? iommu_map_sg+0x291/0xae0 [ 85.846640][ T5341] ? iommu_map_sg+0x291/0xae0 [ 85.846654][ T5341] iommu_map_sg+0x579/0xae0 [ 85.846673][ T5341] ? __pfx_iommu_map_sg+0x10/0x10 [ 85.846684][ T5341] ? sg_alloc_append_table_from_pages+0xf33/0x11c0 [ 85.846710][ T5341] iommu_dma_map_sg+0x908/0x1000 [ 85.846733][ T5341] __dma_map_sg_attrs+0xd0/0x520 [ 85.846748][ T5341] dma_map_sgtable+0x67/0xf0 [ 85.846783][ T5341] drm_gem_map_dma_buf+0xfd/0x170 [ 85.846797][ T5341] dma_buf_map_attachment+0x1dc/0x480 [ 85.846811][ T5341] dma_buf_map_attachment_unlocked+0x97/0x110 [ 85.846824][ T5341] drm_gem_prime_import_dev+0x182/0x360 [ 85.846837][ T5341] virtgpu_gem_prime_import+0x1bb/0x740 [ 85.846845][ T5341] ? drm_gem_prime_fd_to_handle+0x13c/0x490 [ 85.846861][ T5341] ? __pfx_virtgpu_gem_prime_import+0x10/0x10 [ 85.846878][ T5341] ? __fget_files+0x2a/0x420 [ 85.846890][ T5341] ? __fget_files+0x3a0/0x420 [ 85.846906][ T5341] ? __pfx_virtgpu_gem_prime_import+0x10/0x10 [ 85.846917][ T5341] drm_gem_prime_fd_to_handle+0x18d/0x490 [ 85.846938][ T5341] drm_ioctl_kernel+0x2cf/0x390 [ 85.846949][ T5341] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 85.846960][ T5341] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 85.846973][ T5341] drm_ioctl+0x67f/0xb10 [ 85.846984][ T5341] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 85.846998][ T5341] ? __pfx_drm_ioctl+0x10/0x10 [ 85.847018][ T5341] ? __fget_files+0x3a0/0x420 [ 85.847029][ T5341] ? __fget_files+0x2a/0x420 [ 85.847042][ T5341] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.847054][ T5341] ? __pfx_drm_ioctl+0x10/0x10 [ 85.847067][ T5341] __se_sys_ioctl+0xfc/0x170 [ 85.847087][ T5341] do_syscall_64+0xfa/0xf80 [ 85.847100][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.847111][ T5341] ? clear_bhb_loop+0x60/0xb0 [ 85.847125][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.847136][ T5341] RIP: 0033:0x7f15f818f7c9 [ 85.847147][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.847156][ T5341] RSP: 002b:00007f15f9056038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.847170][ T5341] RAX: ffffffffffffffda RBX: 00007f15f83e5fa0 RCX: 00007f15f818f7c9 [ 85.847177][ T5341] RDX: 0000200000000800 RSI: 00000000c00c642e RDI: 0000000000000003 [ 85.847184][ T5341] RBP: 00007f15f9056090 R08: 0000000000000000 R09: 0000000000000000 [ 85.847188][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 85.847192][ T5341] R13: 00007f15f83e6038 R14: 00007f15f83e5fa0 R15: 00007fff8f1d2908 [ 85.847204][ T5341] [ 85.847389][ T5341] ------------[ cut here ]------------ [ 86.046578][ T5341] kernel BUG at arch/x86/mm/physaddr.c:28! [ 86.077547][ T5341] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 86.080597][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.084544][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.089114][ T5341] RIP: 0010:__phys_addr+0x16b/0x180 [ 86.091419][ T5341] Code: 96 b3 00 e9 45 ff ff ff e8 d2 b0 4b 00 48 c7 c7 10 34 fb 8d 48 89 de 4c 89 f2 e8 50 a0 53 03 e9 4d ff ff ff e8 b6 b0 4b 00 90 <0f> 0b e8 ae b0 4b 00 90 0f 0b e8 a6 b0 4b 00 90 0f 0b 0f 1f 00 90 [ 86.099577][ T5341] RSP: 0018:ffffc9000d57ef40 EFLAGS: 00010293 [ 86.102332][ T5341] RAX: ffffffff8176113a RBX: 0000778000000000 RCX: ffff88801162c980 [ 86.105724][ T5341] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000778000000000 [ 86.109655][ T5341] RBP: ffffc9000d57f0f0 R08: ffffffff8e26c4f3 R09: 1ffffffff1c4d89e [ 86.113740][ T5341] R10: dffffc0000000000 R11: fffffbfff1c4d89f R12: 0000000000000011 [ 86.117082][ T5341] R13: dffffc0000000000 R14: 0000000080000000 R15: dffffc0000000000 [ 86.120291][ T5341] FS: 00007f15f90566c0(0000) GS:ffff88808d22a000(0000) knlGS:0000000000000000 [ 86.124516][ T5341] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.128015][ T5341] CR2: 000055f960061168 CR3: 0000000035b07000 CR4: 0000000000352ef0 [ 86.131984][ T5341] Call Trace: [ 86.133587][ T5341] [ 86.134775][ T5341] iommu_pages_start_incoherent+0x52/0x310 [ 86.137062][ T5341] __map_range+0x270/0xa80 [ 86.139012][ T5341] ? __pfx___map_range+0x10/0x10 [ 86.141142][ T5341] ? __lock_acquire+0x6b6/0x2cf0 [ 86.143414][ T5341] ? _pt_iter_first+0x3c8/0x5d0 [ 86.145683][ T5341] __map_range+0x511/0xa80 [ 86.147641][ T5341] ? __pfx___map_range+0x10/0x10 [ 86.149883][ T5341] ? _pt_iter_first+0x2ed/0x5d0 [ 86.151983][ T5341] __map_range+0x511/0xa80 [ 86.153954][ T5341] ? __pfx___map_range+0x10/0x10 [ 86.156095][ T5341] ? check_path+0x21/0x40 [ 86.158030][ T5341] ? check_noncircular+0xda/0x150 [ 86.160235][ T5341] ? do_map+0x2ce/0xab0 [ 86.162077][ T5341] pt_iommu_vtdss_map_pages+0x6a3/0x960 [ 86.164438][ T5341] ? __pfx_pt_iommu_vtdss_map_pages+0x10/0x10 [ 86.167137][ T5341] ? do_raw_spin_lock+0x121/0x290 [ 86.169404][ T5341] ? __lock_acquire+0x6b6/0x2cf0 [ 86.171599][ T5341] ? iommu_pgsize+0x22d/0x350 [ 86.173711][ T5341] iommu_map_nosync+0x30a/0x840 [ 86.175866][ T5341] ? __pfx_iommu_map_nosync+0x10/0x10 [ 86.178216][ T5341] ? iommu_map_sg+0x291/0xae0 [ 86.180198][ T5341] ? iommu_map_sg+0x291/0xae0 [ 86.182339][ T5341] iommu_map_sg+0x579/0xae0 [ 86.184328][ T5341] ? __pfx_iommu_map_sg+0x10/0x10 [ 86.186522][ T5341] ? sg_alloc_append_table_from_pages+0xf33/0x11c0 [ 86.189331][ T5341] iommu_dma_map_sg+0x908/0x1000 [ 86.191376][ T5341] __dma_map_sg_attrs+0xd0/0x520 [ 86.193461][ T5341] dma_map_sgtable+0x67/0xf0 [ 86.195305][ T5341] drm_gem_map_dma_buf+0xfd/0x170 [ 86.197368][ T5341] dma_buf_map_attachment+0x1dc/0x480 [ 86.199633][ T5341] dma_buf_map_attachment_unlocked+0x97/0x110 [ 86.202282][ T5341] drm_gem_prime_import_dev+0x182/0x360 [ 86.204561][ T5341] virtgpu_gem_prime_import+0x1bb/0x740 [ 86.206853][ T5341] ? drm_gem_prime_fd_to_handle+0x13c/0x490 [ 86.209335][ T5341] ? __pfx_virtgpu_gem_prime_import+0x10/0x10 [ 86.211866][ T5341] ? __fget_files+0x2a/0x420 [ 86.213697][ T5341] ? __fget_files+0x3a0/0x420 [ 86.215749][ T5341] ? __pfx_virtgpu_gem_prime_import+0x10/0x10 [ 86.218438][ T5341] drm_gem_prime_fd_to_handle+0x18d/0x490 [ 86.221024][ T5341] drm_ioctl_kernel+0x2cf/0x390 [ 86.223207][ T5341] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 86.225950][ T5341] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 86.228193][ T5341] drm_ioctl+0x67f/0xb10 [ 86.229967][ T5341] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 86.232681][ T5341] ? __pfx_drm_ioctl+0x10/0x10 [ 86.234747][ T5341] ? __fget_files+0x3a0/0x420 [ 86.236699][ T5341] ? __fget_files+0x2a/0x420 [ 86.238679][ T5341] ? bpf_lsm_file_ioctl+0x9/0x20 [ 86.240683][ T5341] ? __pfx_drm_ioctl+0x10/0x10 [ 86.242510][ T5341] __se_sys_ioctl+0xfc/0x170 [ 86.244391][ T5341] do_syscall_64+0xfa/0xf80 [ 86.246398][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.248909][ T5341] ? clear_bhb_loop+0x60/0xb0 [ 86.250934][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.253466][ T5341] RIP: 0033:0x7f15f818f7c9 [ 86.255367][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.263173][ T5341] RSP: 002b:00007f15f9056038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.267348][ T5341] RAX: ffffffffffffffda RBX: 00007f15f83e5fa0 RCX: 00007f15f818f7c9 [ 86.270844][ T5341] RDX: 0000200000000800 RSI: 00000000c00c642e RDI: 0000000000000003 [ 86.274094][ T5341] RBP: 00007f15f9056090 R08: 0000000000000000 R09: 0000000000000000 [ 86.277390][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 86.280657][ T5341] R13: 00007f15f83e6038 R14: 00007f15f83e5fa0 R15: 00007fff8f1d2908 [ 86.283875][ T5341] [ 86.285169][ T5341] Modules linked in: [ 86.287616][ T5341] ---[ end trace 0000000000000000 ]--- [ 86.296105][ T5341] RIP: 0010:__phys_addr+0x16b/0x180 [ 86.298558][ T5341] Code: 96 b3 00 e9 45 ff ff ff e8 d2 b0 4b 00 48 c7 c7 10 34 fb 8d 48 89 de 4c 89 f2 e8 50 a0 53 03 e9 4d ff ff ff e8 b6 b0 4b 00 90 <0f> 0b e8 ae b0 4b 00 90 0f 0b e8 a6 b0 4b 00 90 0f 0b 0f 1f 00 90 [ 86.306847][ T5341] RSP: 0018:ffffc9000d57ef40 EFLAGS: 00010293 [ 86.309415][ T5341] RAX: ffffffff8176113a RBX: 0000778000000000 RCX: ffff88801162c980 [ 86.314938][ T5341] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000778000000000 [ 86.318318][ T5341] RBP: ffffc9000d57f0f0 R08: ffffffff8e26c4f3 R09: 1ffffffff1c4d89e [ 86.322203][ T5341] R10: dffffc0000000000 R11: fffffbfff1c4d89f R12: 0000000000000011 [ 86.325590][ T5341] R13: dffffc0000000000 R14: 0000000080000000 R15: dffffc0000000000 [ 86.329084][ T5341] FS: 00007f15f90566c0(0000) GS:ffff88808d22a000(0000) knlGS:0000000000000000 [ 86.333443][ T5341] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.336490][ T5341] CR2: 000055f960061168 CR3: 0000000035b07000 CR4: 0000000000352ef0 [ 86.340570][ T5341] Kernel panic - not syncing: Fatal exception [ 86.343416][ T5341] Kernel Offset: disabled [ 86.345339][ T5341] Rebooting in 86400 seconds..