[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.154' (ECDSA) to the list of known hosts.
2020/12/29 23:02:44 parsed 1 programs
2020/12/29 23:02:44 executed programs: 0
syzkaller login: [ 30.986994] IPVS: ftp: loaded support on port[0] = 21
[ 31.071340] chnl_net:caif_netlink_parms(): no params data found
[ 31.142917] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.149470] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.157578] device bridge_slave_0 entered promiscuous mode
[ 31.165099] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.171839] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.178734] device bridge_slave_1 entered promiscuous mode
[ 31.195411] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 31.204216] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 31.222008] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 31.229340] team0: Port device team_slave_0 added
[ 31.235067] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 31.242361] team0: Port device team_slave_1 added
[ 31.257266] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 31.263641] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 31.289137] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 31.300587] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 31.306931] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 31.333618] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 31.344449] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 31.352093] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 31.370561] device hsr_slave_0 entered promiscuous mode
[ 31.376232] device hsr_slave_1 entered promiscuous mode
[ 31.382424] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 31.389384] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 31.449591] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.456124] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 31.462952] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.469316] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 31.498130] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 31.505817] 8021q: adding VLAN 0 to HW filter on device bond0
[ 31.514671] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 31.523741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 31.542622] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.549770] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.559773] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 31.566425] 8021q: adding VLAN 0 to HW filter on device team0
[ 31.574681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 31.583131] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.589479] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 31.598739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 31.607489] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.613918] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 31.632754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 31.640296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 31.648502] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 31.656719] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 31.666207] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 31.675980] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 31.682577] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 31.694849] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 31.702981] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 31.709637] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 31.719838] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 31.770575] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 31.780448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 31.811683] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 31.818663] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 31.825831] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 31.835536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 31.843253] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 31.850065] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 31.859535] device veth0_vlan entered promiscuous mode
[ 31.868530] device veth1_vlan entered promiscuous mode
[ 31.874664] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 31.883785] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 31.894798] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 31.903580] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 31.911199] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 31.918453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 31.927453] device veth0_macvtap entered promiscuous mode
[ 31.934096] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 31.943145] device veth1_macvtap entered promiscuous mode
[ 31.951948] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 31.960794] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 31.970365] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 31.978226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.986937] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 31.997410] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 32.005093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 32.061624] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 33.010475] Bluetooth: hci0 command 0x0409 tx timeout
2020/12/29 23:02:49 executed programs: 174
[ 35.088194] Bluetooth: hci0 command 0x041b tx timeout
[ 36.225908] ------------[ cut here ]------------
[ 36.230754] WARNING: CPU: 0 PID: 9423 at drivers/gpu/drm/drm_prime.c:898 drm_prime_destroy_file_private+0x3e/0x50
[ 36.241136] Kernel panic - not syncing: panic_on_warn set ...
[ 36.241136]
[ 36.248510] CPU: 0 PID: 9423 Comm: syz-executor.0 Not tainted 4.14.213-syzkaller #0
[ 36.256296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.265633] Call Trace:
[ 36.268217] dump_stack+0x1b2/0x283
[ 36.271833] panic+0x1f9/0x42d
[ 36.275015] ? add_taint.cold+0x16/0x16
[ 36.278972] ? drm_prime_destroy_file_private+0x3e/0x50
[ 36.284316] ? drm_prime_destroy_file_private+0x3e/0x50
[ 36.289659] __warn.cold+0x20/0x4b
[ 36.293177] ? ist_end_non_atomic+0x10/0x10
[ 36.297495] ? drm_prime_destroy_file_private+0x3e/0x50
[ 36.302847] report_bug+0x208/0x249
[ 36.306459] do_error_trap+0x195/0x2d0
[ 36.310325] ? math_error+0x2d0/0x2d0
[ 36.314117] ? mark_held_locks+0xa6/0xf0
[ 36.318157] ? retint_kernel+0x2d/0x2d
[ 36.322019] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 36.327029] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.331875] invalid_op+0x1b/0x40
[ 36.335307] RIP: 0010:drm_prime_destroy_file_private+0x3e/0x50
[ 36.341251] RSP: 0018:ffff888090457ae0 EFLAGS: 00010297
[ 36.346594] RAX: ffff8880906ea140 RBX: ffff88809268cbb8 RCX: 1ffff110120dd53d
[ 36.353872] RDX: 0000000000000000 RSI: ffff8880906ea9c8 RDI: ffff88809268cc38
[ 36.361137] RBP: ffffffff83885ca0 R08: 0000000000000000 R09: 0000000000000000
[ 36.368397] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88809268c940
[ 36.375658] R13: ffff8882384fc740 R14: ffff88809268caf8 R15: ffff88809268cb20
[ 36.382920] ? vgem_gem_free_object+0xd0/0xd0
[ 36.387418] drm_release+0xaf9/0xfa0
[ 36.391111] ? ima_file_free+0x4f/0x330
[ 36.395135] ? drm_lastclose+0x2b0/0x2b0
[ 36.399182] __fput+0x25f/0x7a0
[ 36.402484] task_work_run+0x11f/0x190
[ 36.406381] get_signal+0x18a3/0x1ca0
[ 36.410163] ? drm_ioctl+0x48a/0x870
[ 36.413876] ? __vgem_fence_idr_fini+0x50/0x50
[ 36.418453] ? drm_getstats+0x20/0x20
[ 36.422244] do_signal+0x7c/0x1550
[ 36.425760] ? __might_fault+0x104/0x1b0
[ 36.429813] ? setup_sigcontext+0x820/0x820
[ 36.434136] ? drm_getstats+0x20/0x20
[ 36.437944] ? do_vfs_ioctl+0xe2/0xff0
[ 36.441820] ? ioctl_preallocate+0x1a0/0x1a0
[ 36.446223] ? lock_downgrade+0x740/0x740
[ 36.450352] ? check_preemption_disabled+0x35/0x240
[ 36.455350] ? kick_process+0xe4/0x170
[ 36.459222] ? task_work_add+0x87/0xe0
[ 36.463110] ? exit_to_usermode_loop+0x41/0x200
[ 36.467759] exit_to_usermode_loop+0x160/0x200
[ 36.472320] ? SyS_ioctl+0x5c/0xb0
[ 36.475862] do_syscall_64+0x4a3/0x640
[ 36.479735] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 36.484911] RIP: 0033:0x45e299
[ 36.488079] RSP: 002b:00007f3257c1ec68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 36.495782] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000045e299
[ 36.503058] RDX: 0000000020000140 RSI: 00000000c10c5541 RDI: 0000000000000003
[ 36.510316] RBP: 000000000119bfc0 R08: 0000000000000000 R09: 0000000000000000
[ 36.517571] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c
[ 36.524822] R13: 00007fff45db8b9f R14: 00007f3257c1f9c0 R15: 000000000119bf8c
[ 36.532755] Kernel Offset: disabled
[ 36.536428] Rebooting in 86400 seconds..