Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.31' (ECDSA) to the list of known hosts. 2021/04/15 01:39:09 parsed 1 programs 2021/04/15 01:39:09 executed programs: 0 syzkaller login: [ 29.766952] IPVS: ftp: loaded support on port[0] = 21 [ 29.869312] chnl_net:caif_netlink_parms(): no params data found [ 29.947493] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.954587] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.962240] device bridge_slave_0 entered promiscuous mode [ 29.970014] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.976417] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.983706] device bridge_slave_1 entered promiscuous mode [ 30.000122] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 30.009767] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 30.026791] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 30.034220] team0: Port device team_slave_0 added [ 30.040062] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 30.047337] team0: Port device team_slave_1 added [ 30.061920] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.068244] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.093515] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.105369] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.111851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.137373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.148555] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 30.156046] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 30.174880] device hsr_slave_0 entered promiscuous mode [ 30.180669] device hsr_slave_1 entered promiscuous mode [ 30.186560] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 30.193786] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 30.253328] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.260204] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.267034] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.273491] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.302398] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 30.309597] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.317592] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 30.326815] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.336211] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.354449] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.364906] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 30.371202] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.379975] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.387555] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.393972] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.403065] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.410943] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.417285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.434864] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 30.444744] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.456281] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 30.464215] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 30.472129] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 30.480899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.488665] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.496128] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 30.503001] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 30.513784] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 30.521790] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 30.528542] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 30.540358] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.590384] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 30.600808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.630892] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 30.638894] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 30.645348] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 30.655031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.662771] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.669800] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.678941] device veth0_vlan entered promiscuous mode [ 30.686726] device veth1_vlan entered promiscuous mode [ 30.693223] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 30.702740] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 30.713281] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 30.722808] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 30.732012] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 30.740526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.750068] device veth0_macvtap entered promiscuous mode [ 30.756124] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 30.764401] device veth1_macvtap entered promiscuous mode [ 30.773489] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 30.782739] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 30.792635] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.799569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.807767] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 30.817150] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.824305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 30.858477] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 31.807353] Bluetooth: hci0 command 0x0409 tx timeout 2021/04/15 01:39:14 executed programs: 180 [ 33.894835] Bluetooth: hci0 command 0x041b tx timeout [ 34.117293] ------------[ cut here ]------------ [ 34.122107] WARNING: CPU: 0 PID: 9130 at drivers/gpu/drm/drm_prime.c:898 drm_prime_destroy_file_private+0x3e/0x50 [ 34.132748] Kernel panic - not syncing: panic_on_warn set ... [ 34.132748] [ 34.140214] CPU: 0 PID: 9130 Comm: syz-executor.0 Not tainted 4.14.230-syzkaller #0 [ 34.148007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.157342] Call Trace: [ 34.159930] dump_stack+0x1b2/0x281 [ 34.163549] panic+0x1f9/0x42d [ 34.166720] ? add_taint.cold+0x16/0x16 [ 34.170673] ? drm_prime_destroy_file_private+0x3e/0x50 [ 34.176016] ? drm_prime_destroy_file_private+0x3e/0x50 [ 34.181354] __warn.cold+0x20/0x44 [ 34.184874] ? ist_end_non_atomic+0x10/0x10 [ 34.190397] ? drm_prime_destroy_file_private+0x3e/0x50 [ 34.195749] report_bug+0x208/0x250 [ 34.199383] do_error_trap+0x195/0x2d0 [ 34.203254] ? math_error+0x2d0/0x2d0 [ 34.207036] ? lock_downgrade+0x740/0x740 [ 34.211183] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.216011] invalid_op+0x1b/0x40 [ 34.219445] RIP: 0010:drm_prime_destroy_file_private+0x3e/0x50 [ 34.225391] RSP: 0018:ffff88809c237ae0 EFLAGS: 00010297 [ 34.230730] RAX: ffff88809574a040 RBX: ffff8880b33b1478 RCX: 1ffff11012ae951d [ 34.237996] RDX: 0000000000000000 RSI: ffff88809574a8c8 RDI: ffff8880b33b14f8 [ 34.245255] RBP: ffffffff837dea70 R08: 0000000000000000 R09: 0000000000000000 [ 34.252502] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880b33b1200 [ 34.259760] R13: ffff888238428380 R14: ffff8880b33b13b8 R15: ffff8880b33b13e0 [ 34.267026] ? vgem_gem_free_object+0xd0/0xd0 [ 34.271504] drm_release+0xaf9/0xfa0 [ 34.275199] ? ima_file_free+0x4f/0x330 [ 34.279159] ? drm_lastclose+0x2b0/0x2b0 [ 34.283196] __fput+0x25f/0x7a0 [ 34.286475] task_work_run+0x11f/0x190 [ 34.290341] get_signal+0x18a3/0x1ca0 [ 34.294121] ? drm_ioctl+0x48a/0x870 [ 34.298618] ? __vgem_fence_idr_fini+0x50/0x50 [ 34.303187] ? drm_getstats+0x20/0x20 [ 34.306975] do_signal+0x7c/0x1550 [ 34.310492] ? ion_ioctl+0x13a/0x1f0 [ 34.314179] ? ion_query_heaps+0x360/0x360 [ 34.318491] ? setup_sigcontext+0x820/0x820 [ 34.322791] ? drm_getstats+0x20/0x20 [ 34.326569] ? do_vfs_ioctl+0xe2/0xff0 [ 34.330432] ? ioctl_preallocate+0x1a0/0x1a0 [ 34.334817] ? lock_downgrade+0x740/0x740 [ 34.338941] ? check_preemption_disabled+0x35/0x240 [ 34.343934] ? kick_process+0xe4/0x170 [ 34.347799] ? task_work_add+0x87/0xe0 [ 34.351662] ? exit_to_usermode_loop+0x41/0x200 [ 34.356338] exit_to_usermode_loop+0x160/0x200 [ 34.360902] ? SyS_ioctl+0x5c/0xb0 [ 34.364429] do_syscall_64+0x4a3/0x640 [ 34.368309] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 34.373475] RIP: 0033:0x466459 [ 34.376639] RSP: 002b:00007f7c7746a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 34.384321] RAX: 0000000000000000 RBX: 000000000056bf60 RCX: 0000000000466459 [ 34.391567] RDX: 0000000020000140 RSI: 00000000c10c5541 RDI: 0000000000000003 [ 34.398813] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 [ 34.406057] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 34.413311] R13: 00007ffff2951fff R14: 00007f7c7746a300 R15: 0000000000022000 [ 34.421433] Kernel Offset: disabled [ 34.425097] Rebooting in 86400 seconds..