[ 409.350566] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 409.357628] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 409.365036] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 409.372189] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 409.380243] device bridge_slave_1 left promiscuous mode [ 409.385704] bridge0: port 2(bridge_slave_1) entered disabled state [ 409.428193] device bridge_slave_0 left promiscuous mode [ 409.433684] bridge0: port 1(bridge_slave_0) entered disabled state [ 409.470548] device veth1_macvtap left promiscuous mode [ 409.476056] device veth0_macvtap left promiscuous mode [ 409.482023] device veth1_vlan left promiscuous mode [ 409.487073] device veth0_vlan left promiscuous mode [ 409.602688] device hsr_slave_1 left promiscuous mode [ 409.660971] device hsr_slave_0 left promiscuous mode [ 409.703738] team0 (unregistering): Port device team_slave_1 removed [ 409.712706] team0 (unregistering): Port device team_slave_0 removed [ 409.722814] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 409.770366] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 409.826477] bond0 (unregistering): Released all slaves Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts. [ 414.153865] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.167646] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.188998] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 414.198604] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.214543] device bridge_slave_1 left promiscuous mode [ 414.225329] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.289740] device bridge_slave_0 left promiscuous mode [ 414.296171] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.330577] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.339082] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.350984] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 414.366768] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.382935] device bridge_slave_1 left promiscuous mode [ 414.396453] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.427957] device bridge_slave_0 left promiscuous mode [ 414.433514] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.483781] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.493635] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.514071] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 414.529955] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.554079] device bridge_slave_1 left promiscuous mode [ 414.570472] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.609849] device bridge_slave_0 left promiscuous mode [ 414.615630] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.682346] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.698236] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.716568] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 414.733223] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.757426] device bridge_slave_1 left promiscuous mode [ 414.773645] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.808430] device bridge_slave_0 left promiscuous mode [ 414.814549] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.850396] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.859818] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.883520] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 414.897349] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.916660] device bridge_slave_1 left promiscuous mode [ 414.925340] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.971881] device bridge_slave_0 left promiscuous mode [ 414.982083] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.040343] device veth1_macvtap left promiscuous mode [ 415.054740] device veth0_macvtap left promiscuous mode [ 415.064043] device veth1_vlan left promiscuous mode [ 415.079876] device veth0_vlan left promiscuous mode [ 415.098228] device veth1_macvtap left promiscuous mode [ 415.105627] device veth0_macvtap left promiscuous mode [ 415.118235] device veth1_vlan left promiscuous mode [ 415.133111] device veth0_vlan left promiscuous mode [ 415.141647] device veth1_macvtap left promiscuous mode [ 415.151923] device veth0_macvtap left promiscuous mode [ 415.160726] device veth1_vlan left promiscuous mode [ 415.172311] device veth0_vlan left promiscuous mode [ 415.183695] device veth1_macvtap left promiscuous mode [ 415.194789] device veth0_macvtap left promiscuous mode [ 415.204100] device veth1_vlan left promiscuous mode [ 415.218336] device veth0_vlan left promiscuous mode [ 415.238381] device veth1_macvtap left promiscuous mode [ 415.250254] device veth0_macvtap left promiscuous mode [ 415.261600] device veth1_vlan left promiscuous mode [ 415.269296] device veth0_vlan left promiscuous mode [ 416.070794] device hsr_slave_1 left promiscuous mode [ 416.111995] device hsr_slave_0 left promiscuous mode [ 416.172937] team0 (unregistering): Port device team_slave_1 removed [ 416.198483] team0 (unregistering): Port device team_slave_0 removed [ 416.220096] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 416.272250] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 416.403013] bond0 (unregistering): Released all slaves [ 416.579909] device hsr_slave_1 left promiscuous mode [ 416.630839] device hsr_slave_0 left promiscuous mode [ 416.670758] team0 (unregistering): Port device team_slave_1 removed [ 416.702374] team0 (unregistering): Port device team_slave_0 removed [ 416.728443] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 416.773238] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 416.884534] bond0 (unregistering): Released all slaves [ 417.009671] device hsr_slave_1 left promiscuous mode [ 417.040905] device hsr_slave_0 left promiscuous mode [ 417.091981] team0 (unregistering): Port device team_slave_1 removed [ 417.114863] team0 (unregistering): Port device team_slave_0 removed [ 417.143251] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 417.191546] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 417.300635] bond0 (unregistering): Released all slaves [ 417.451183] device hsr_slave_1 left promiscuous mode [ 417.481054] device hsr_slave_0 left promiscuous mode [ 417.525669] team0 (unregistering): Port device team_slave_1 removed [ 417.563651] team0 (unregistering): Port device team_slave_0 removed [ 417.592192] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 417.634019] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 417.756070] bond0 (unregistering): Released all slaves [ 417.919976] device hsr_slave_1 left promiscuous mode [ 417.940616] device hsr_slave_0 left promiscuous mode [ 418.000772] team0 (unregistering): Port device team_slave_1 removed [ 418.025641] team0 (unregistering): Port device team_slave_0 removed [ 418.043965] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 418.071551] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 418.148909] bond0 (unregistering): Released all slaves [ 436.904625] ------------[ cut here ]------------ [ 436.911975] DEBUG_LOCKS_WARN_ON(mutex_is_locked(lock)) [ 436.912012] WARNING: CPU: 0 PID: 27647 at kernel/locking/mutex-debug.c:103 mutex_destroy+0xf3/0x130 [ 436.926959] Modules linked in: [ 436.930305] CPU: 0 PID: 27647 Comm: syz-executor340 Not tainted 4.19.195-syzkaller #0 [ 436.938376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 436.947735] RIP: 0010:mutex_destroy+0xf3/0x130 [ 436.952314] Code: 03 38 d0 7c 04 84 d2 75 49 8b 05 d8 af 7a 0a 85 c0 0f 85 63 ff ff ff 48 c7 c6 a0 5c 09 88 48 c7 c7 e0 5c 09 88 e8 be ba 3b 06 <0f> 0b e9 49 ff ff ff e8 c1 18 46 00 e9 35 ff ff ff e8 77 19 46 00 [ 436.971469] RSP: 0018:ffff8881dc6f7db8 EFLAGS: 00010282 [ 436.976825] RAX: 0000000000000000 RBX: ffff8881d4f1d3c0 RCX: 0000000000000000 [ 436.984090] RDX: 1ffffffff1322479 RSI: 0000000000000004 RDI: 0000000000000286 [ 436.991635] RBP: ffff8881dc6f7dc0 R08: fffffbfff132e741 R09: fffffbfff132e740 [ 436.998910] R10: fffffbfff132e740 R11: ffffffff89973a03 R12: ffff8881d4f1d3c0 [ 437.006188] R13: ffff8881d4f1d310 R14: ffffffff8c54c4c0 R15: 0000000000000000 [ 437.013650] FS: 00007f6aa9ef2700(0000) GS:ffff8881f6400000(0000) knlGS:0000000000000000 [ 437.021904] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 437.028050] CR2: 00007ffd4edd5a10 CR3: 00000001df551001 CR4: 00000000001606f0 [ 437.035318] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 437.042586] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 437.049860] Call Trace: [ 437.052453] dma_buf_release+0x456/0x560 [ 437.056516] __fput+0x249/0x7f0 [ 437.059824] ? _raw_spin_unlock_irq+0x27/0x90 [ 437.064412] ____fput+0x9/0x10 [ 437.067779] task_work_run+0x108/0x180 [ 437.071680] exit_to_usermode_loop+0x185/0x1e0 [ 437.076263] do_syscall_64+0x413/0x4e0 [ 437.080161] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 437.085345] RIP: 0033:0x44a299 [ 437.088532] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 437.107631] RSP: 002b:00007f6aa9ef2308 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 437.115334] RAX: 0000000000000000 RBX: 00000000004cb528 RCX: 000000000044a299 [ 437.122600] RDX: 0000000020000040 RSI: 00000000c00464b4 RDI: 0000000000000005 [ 437.130049] RBP: 00000000004cb520 R08: 00007f6aa9ef2700 R09: 0000000000000000 [ 437.137400] R10: 00007f6aa9ef2700 R11: 0000000000000246 R12: 00000000004cb52c [ 437.144665] R13: 000000000049b07c R14: 6972642f7665642f R15: 0000000000022000 [ 437.151941] irq event stamp: 17 [ 437.155222] hardirqs last enabled at (17): [] _raw_spin_unlock_irq+0x27/0x90 [ 437.164154] hardirqs last disabled at (16): [] _raw_spin_lock_irq+0x3c/0x90 [ 437.172830] softirqs last enabled at (0): [] copy_process.part.2+0x176b/0x7960 [ 437.181843] softirqs last disabled at (0): [<0000000000000000>] (null) [ 437.189722] ---[ end trace 205b9184ad08b9a5 ]--- [ 442.420570] ================================================================== [ 442.428151] BUG: KASAN: use-after-free in reservation_object_reserve_shared+0x212/0x250 [ 442.436301] Read of size 8 at addr ffff8881e377ab40 by task syz-executor340/4814 [ 442.444347] [ 442.445975] CPU: 0 PID: 4814 Comm: syz-executor340 Tainted: G W 4.19.195-syzkaller #0 [ 442.455232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 442.464727] Call Trace: [ 442.467309] dump_stack+0x17c/0x226 [ 442.470944] print_address_description.cold.6+0x9/0x211 [ 442.476742] kasan_report.cold.7+0x242/0x2fe [ 442.481161] ? reservation_object_reserve_shared+0x212/0x250 [ 442.487314] __asan_report_load8_noabort+0x14/0x20 [ 442.492706] reservation_object_reserve_shared+0x212/0x250 [ 442.498364] vgem_fence_attach_ioctl+0x438/0x580 [ 442.503828] drm_ioctl_kernel+0x1b7/0x240 [ 442.507981] ? __vgem_fence_idr_fini+0x40/0x40 [ 442.512826] ? drm_ioctl_permit+0x1a0/0x1a0 [ 442.517146] ? kasan_check_write+0x14/0x20 [ 442.521559] drm_ioctl+0x6a9/0xae0 [ 442.525177] ? __vgem_fence_idr_fini+0x40/0x40 [ 442.530494] ? drm_getstats+0x20/0x20 [ 442.534308] ? mark_held_locks+0x130/0x130 [ 442.538631] ? rb_erase_cached+0x8d8/0x1b10 [ 442.543149] ? __enqueue_entity+0x10d/0x1f0 [ 442.547731] ? mark_held_locks+0x130/0x130 [ 442.552037] ? set_next_entity+0x461/0x23f0 [ 442.556364] ? put_prev_entity+0x29a/0x1740 [ 442.561222] ? pick_next_entity+0x195/0x3a0 [ 442.565553] do_vfs_ioctl+0x196/0x10c0 [ 442.569797] ? lock_downgrade+0x860/0x860 [ 442.574708] ? __fget+0x9e/0x400 [ 442.578172] ? ioctl_preallocate+0x1c0/0x1c0 [ 442.582583] ? __fget+0x2a2/0x400 [ 442.586122] ? do_dup2+0x3f0/0x3f0 [ 442.589638] ? do_futex+0x1530/0x1530 [ 442.594047] ? __fget_light+0x174/0x1e0 [ 442.598086] ksys_ioctl+0x62/0x90 [ 442.601988] ? trace_hardirqs_off_caller+0x1d/0x180 [ 442.606989] __x64_sys_ioctl+0x6e/0xb0 [ 442.610854] do_syscall_64+0xd0/0x4e0 [ 442.615003] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 442.620255] RIP: 0033:0x44a299 [ 442.623438] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 442.643272] RSP: 002b:00007f6aa9f34308 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 442.651431] RAX: ffffffffffffffda RBX: 00000000004cb508 RCX: 000000000044a299 [ 442.658765] RDX: 0000000020000140 RSI: 00000000c10c5541 RDI: 0000000000000005 [ 442.666012] RBP: 00000000004cb500 R08: 0000000000000000 R09: 0000000000000000 [ 442.673441] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004cb50c [ 442.680813] R13: 000000000049b07c R14: 6972642f7665642f R15: 0000000000022000 [ 442.688450] [ 442.690145] Allocated by task 4814: [ 442.693849] kasan_kmalloc.part.1+0x62/0xf0 [ 442.698526] kasan_kmalloc+0xaf/0xc0 [ 442.702477] __kmalloc+0x15d/0x3d0 [ 442.706251] dma_buf_export+0x1b4/0x970 [ 442.710374] drm_gem_prime_export+0x16c/0x280 [ 442.714848] vgem_fence_attach_ioctl+0x3fe/0x580 [ 442.720186] drm_ioctl_kernel+0x1b7/0x240 [ 442.724652] drm_ioctl+0x6a9/0xae0 [ 442.728178] do_vfs_ioctl+0x196/0x10c0 [ 442.732043] ksys_ioctl+0x62/0x90 [ 442.735556] __x64_sys_ioctl+0x6e/0xb0 [ 442.739417] do_syscall_64+0xd0/0x4e0 [ 442.743398] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 442.748824] [ 442.750685] Freed by task 4824: [ 442.754115] __kasan_slab_free+0x13c/0x220 [ 442.758322] kasan_slab_free+0xe/0x10 [ 442.762295] kfree+0xcf/0x220 [ 442.765734] dma_buf_release+0x2db/0x560 [ 442.770247] __fput+0x249/0x7f0 [ 442.773694] ____fput+0x9/0x10 [ 442.776890] task_work_run+0x108/0x180 [ 442.780760] exit_to_usermode_loop+0x185/0x1e0 [ 442.785373] do_syscall_64+0x413/0x4e0 [ 442.789584] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 442.794889] [ 442.796509] The buggy address belongs to the object at ffff8881e377a900 [ 442.796509] which belongs to the cache kmalloc-1024 of size 1024 [ 442.809753] The buggy address is located 576 bytes inside of [ 442.809753] 1024-byte region [ffff8881e377a900, ffff8881e377ad00) [ 442.821700] The buggy address belongs to the page: [ 442.826609] page:ffffea00078dde80 count:1 mapcount:0 mapping:ffff8881f6000ac0 index:0x0 compound_mapcount: 0 [ 442.836816] flags: 0x17ff00000008100(slab|head) [ 442.841694] raw: 017ff00000008100 ffffea0007380a08 ffffea00077db488 ffff8881f6000ac0 [ 442.849917] raw: 0000000000000000 ffff8881e377a000 0000000100000007 0000000000000000 [ 442.858827] page dumped because: kasan: bad access detected [ 442.864780] [ 442.866379] Memory state around the buggy address: [ 442.871377] ffff8881e377aa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 442.878991] ffff8881e377aa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 442.886946] >ffff8881e377ab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 442.894278] ^ [ 442.899700] ffff8881e377ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 442.907206] ffff8881e377ac00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 442.914632] ================================================================== [ 446.403830] kasan: CONFIG_KASAN_INLINE enabled [ 446.409666] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 446.420658] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 446.426907] CPU: 1 PID: 10957 Comm: syz-executor340 Tainted: G B W 4.19.195-syzkaller #0 [ 446.436291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 446.445776] RIP: 0010:vgem_fence_attach_ioctl+0x250/0x580 [ 446.451310] Code: 80 3c 02 00 0f 85 01 03 00 00 4d 8b bc 24 10 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bf e0 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 cd 02 00 00 49 8b 87 e0 00 00 00 4c 89 f2 48 c1 [ 446.470950] RSP: 0018:ffff8881e3497a70 EFLAGS: 00010202 [ 446.476403] RAX: dffffc0000000000 RBX: ffff8881ee2257c0 RCX: 0000000000000000 [ 446.483754] RDX: 000000000000001c RSI: 0000000000000004 RDI: 00000000000000e0 [ 446.491207] RBP: ffff8881e3497ab0 R08: ffffed103eca4561 R09: ffffed103eca4560 [ 446.498468] R10: ffffed103eca4560 R11: ffff8881f6522b03 R12: ffff8881db06f0c0 [ 446.505998] R13: ffff8881cbee66c0 R14: ffff8881ee2257c4 R15: 0000000000000000 [ 446.513363] FS: 00007f6aa9f34700(0000) GS:ffff8881f6500000(0000) knlGS:0000000000000000 [ 446.521593] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 446.527454] CR2: 00000000004d16e0 CR3: 00000001d5676003 CR4: 00000000001606e0 [ 446.534702] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 446.542051] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 446.549470] Call Trace: [ 446.552035] drm_ioctl_kernel+0x1b7/0x240 [ 446.556165] ? __vgem_fence_idr_fini+0x40/0x40 [ 446.560742] ? drm_ioctl_permit+0x1a0/0x1a0 [ 446.565125] ? kasan_check_write+0x14/0x20 [ 446.569332] drm_ioctl+0x6a9/0xae0 [ 446.572854] ? __vgem_fence_idr_fini+0x40/0x40 [ 446.577700] ? drm_getstats+0x20/0x20 [ 446.581483] ? mark_held_locks+0x130/0x130 [ 446.585877] ? do_syscall_64+0xd0/0x4e0 [ 446.589835] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 446.595182] ? mark_held_locks+0x130/0x130 [ 446.599406] ? debug_check_no_obj_freed+0x1ed/0x430 [ 446.604412] ? lock_downgrade+0x860/0x860 [ 446.608551] do_vfs_ioctl+0x196/0x10c0 [ 446.612585] ? lock_downgrade+0x860/0x860 [ 446.616793] ? __fget+0x9e/0x400 [ 446.620132] ? ioctl_preallocate+0x1c0/0x1c0 [ 446.624532] ? __fget+0x2a2/0x400 [ 446.628222] ? do_dup2+0x3f0/0x3f0 [ 446.631751] ? do_futex+0x1530/0x1530 [ 446.635558] ? __fget_light+0x174/0x1e0 [ 446.639614] ksys_ioctl+0x62/0x90 [ 446.643136] ? trace_hardirqs_off_caller+0x1d/0x180 [ 446.648401] __x64_sys_ioctl+0x6e/0xb0 [ 446.652273] do_syscall_64+0xd0/0x4e0 [ 446.656182] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 446.661538] RIP: 0033:0x44a299 [ 446.664725] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 446.683688] RSP: 002b:00007f6aa9f34308 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 446.691713] RAX: ffffffffffffffda RBX: 00000000004cb508 RCX: 000000000044a299 [ 446.699062] RDX: 0000000020000140 RSI: 00000000c10c5541 RDI: 0000000000000005 [ 446.706303] RBP: 00000000004cb500 R08: 0000000000000000 R09: 0000000000000000 [ 446.713652] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004cb50c [ 446.720918] R13: 000000000049b07c R14: 6972642f7665642f R15: 0000000000022000 [ 446.728184] Modules linked in: [ 446.734408] ---[ end trace 205b9184ad08b9a6 ]--- [ 446.742798] RIP: 0010:vgem_fence_attach_ioctl+0x250/0x580 [ 446.751269] Code: 80 3c 02 00 0f 85 01 03 00 00 4d 8b bc 24 10 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bf e0 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 cd 02 00 00 49 8b 87 e0 00 00 00 4c 89 f2 48 c1 [ 446.772386] RSP: 0018:ffff8881e3497a70 EFLAGS: 00010202 [ 446.779641] RAX: dffffc0000000000 RBX: ffff8881ee2257c0 RCX: 0000000000000000 [ 446.792101] RDX: 000000000000001c RSI: 0000000000000004 RDI: 00000000000000e0 [ 446.801934] RBP: ffff8881e3497ab0 R08: ffffed103eca4561 R09: ffffed103eca4560 [ 446.814735] R10: ffffed103eca4560 R11: ffff8881f6522b03 R12: ffff8881db06f0c0 [ 446.823885] R13: ffff8881cbee66c0 R14: ffff8881ee2257c4 R15: 0000000000000000 [ 446.834778] FS: 00007f6aa9f34700(0000) GS:ffff8881f6500000(0000) knlGS:0000000000000000 [ 446.844971] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 446.852492] CR2: 00007f6aa9f13718 CR3: 00000001d5676003 CR4: 00000000001606e0 [ 446.865130] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 446.874365] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 446.883179] Kernel panic - not syncing: Fatal exception [ 446.890253] Kernel Offset: disabled [ 446.894003] Rebooting in 86400 seconds..