[ 53.941162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 53.952807] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 53.964819] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 53.988275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 170.340992] Bluetooth: hci1: command 0x0406 tx timeout
[ 170.348148] Bluetooth: hci3: command 0x0406 tx timeout
[ 170.381931] Bluetooth: hci0: command 0x0406 tx timeout
[ 170.411022] Bluetooth: hci4: command 0x0406 tx timeout
[ 170.450952] Bluetooth: hci5: command 0x0406 tx timeout
[ 170.474608] Bluetooth: hci2: command 0x0406 tx timeout
[ 405.516398] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 405.523428] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 405.531399] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 405.539432] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 405.548374] device bridge_slave_1 left promiscuous mode
[ 405.554757] bridge0: port 2(bridge_slave_1) entered disabled state
[ 405.604229] device bridge_slave_0 left promiscuous mode
[ 405.609932] bridge0: port 1(bridge_slave_0) entered disabled state
[ 405.665353] device veth1_macvtap left promiscuous mode
[ 405.671733] device veth0_macvtap left promiscuous mode
[ 405.678653] device veth1_vlan left promiscuous mode
[ 405.684678] device veth0_vlan left promiscuous mode
[ 405.770060] device hsr_slave_1 left promiscuous mode
[ 405.826829] device hsr_slave_0 left promiscuous mode
[ 405.880340] team0 (unregistering): Port device team_slave_1 removed
[ 405.890285] team0 (unregistering): Port device team_slave_0 removed
[ 405.900815] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 405.935804] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 406.016133] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts.
[ 410.481795] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 410.495350] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 410.508010] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 410.528994] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 410.549618] device bridge_slave_1 left promiscuous mode
[ 410.568638] bridge0: port 2(bridge_slave_1) entered disabled state
[ 410.615509] device bridge_slave_0 left promiscuous mode
[ 410.625410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 410.646754] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 410.661081] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 410.680580] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 410.695210] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 410.711883] device bridge_slave_1 left promiscuous mode
[ 410.725120] bridge0: port 2(bridge_slave_1) entered disabled state
[ 410.766707] device bridge_slave_0 left promiscuous mode
[ 410.773686] bridge0: port 1(bridge_slave_0) entered disabled state
[ 410.806673] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 410.819364] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 410.835716] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 410.850348] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 410.870283] device bridge_slave_1 left promiscuous mode
[ 410.889072] bridge0: port 2(bridge_slave_1) entered disabled state
[ 410.914757] device bridge_slave_0 left promiscuous mode
[ 410.921368] bridge0: port 1(bridge_slave_0) entered disabled state
[ 410.958929] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 410.972659] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 410.995493] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 411.003683] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 411.018838] device bridge_slave_1 left promiscuous mode
[ 411.028776] bridge0: port 2(bridge_slave_1) entered disabled state
[ 411.053990] device bridge_slave_0 left promiscuous mode
[ 411.062425] bridge0: port 1(bridge_slave_0) entered disabled state
[ 411.110239] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 411.123497] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 411.147351] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 411.160506] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 411.176350] device bridge_slave_1 left promiscuous mode
[ 411.186033] bridge0: port 2(bridge_slave_1) entered disabled state
[ 411.246437] device bridge_slave_0 left promiscuous mode
[ 411.252672] bridge0: port 1(bridge_slave_0) entered disabled state
[ 411.305521] device veth1_macvtap left promiscuous mode
[ 411.320011] device veth0_macvtap left promiscuous mode
[ 411.335261] device veth1_vlan left promiscuous mode
[ 411.349946] device veth0_vlan left promiscuous mode
[ 411.360924] device veth1_macvtap left promiscuous mode
[ 411.371225] device veth0_macvtap left promiscuous mode
[ 411.382180] device veth1_vlan left promiscuous mode
[ 411.394863] device veth0_vlan left promiscuous mode
[ 411.411886] device veth1_macvtap left promiscuous mode
[ 411.427879] device veth0_macvtap left promiscuous mode
[ 411.441655] device veth1_vlan left promiscuous mode
[ 411.454215] device veth0_vlan left promiscuous mode
[ 411.464537] device veth1_macvtap left promiscuous mode
[ 411.475744] device veth0_macvtap left promiscuous mode
[ 411.488396] device veth1_vlan left promiscuous mode
[ 411.501834] device veth0_vlan left promiscuous mode
[ 411.514081] device veth1_macvtap left promiscuous mode
[ 411.525573] device veth0_macvtap left promiscuous mode
[ 411.536261] device veth1_vlan left promiscuous mode
[ 411.548153] device veth0_vlan left promiscuous mode
[ 412.447406] device hsr_slave_1 left promiscuous mode
[ 412.487612] device hsr_slave_0 left promiscuous mode
[ 412.548008] team0 (unregistering): Port device team_slave_1 removed
[ 412.581019] team0 (unregistering): Port device team_slave_0 removed
[ 412.602606] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 412.646931] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 412.781413] bond0 (unregistering): Released all slaves
[ 412.925677] device hsr_slave_1 left promiscuous mode
[ 412.948190] device hsr_slave_0 left promiscuous mode
[ 413.004211] team0 (unregistering): Port device team_slave_1 removed
[ 413.037442] team0 (unregistering): Port device team_slave_0 removed
[ 413.070151] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 413.126975] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 413.211412] bond0 (unregistering): Released all slaves
[ 413.346967] device hsr_slave_1 left promiscuous mode
[ 413.397470] device hsr_slave_0 left promiscuous mode
[ 413.467740] team0 (unregistering): Port device team_slave_1 removed
[ 413.498638] team0 (unregistering): Port device team_slave_0 removed
[ 413.530016] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 413.577591] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 413.722384] bond0 (unregistering): Released all slaves
[ 413.875796] device hsr_slave_1 left promiscuous mode
[ 413.926832] device hsr_slave_0 left promiscuous mode
[ 413.997304] team0 (unregistering): Port device team_slave_1 removed
[ 414.022480] team0 (unregistering): Port device team_slave_0 removed
[ 414.045955] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 414.096386] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 414.195517] bond0 (unregistering): Released all slaves
[ 414.336484] device hsr_slave_1 left promiscuous mode
[ 414.376111] device hsr_slave_0 left promiscuous mode
[ 414.414594] team0 (unregistering): Port device team_slave_1 removed
[ 414.435959] team0 (unregistering): Port device team_slave_0 removed
[ 414.457986] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 414.519116] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 414.643983] bond0 (unregistering): Released all slaves
[ 420.325151] ------------[ cut here ]------------
[ 420.333795] DEBUG_LOCKS_WARN_ON(mutex_is_locked(lock))
[ 420.333840] WARNING: CPU: 0 PID: 9658 at kernel/locking/mutex-debug.c:103 mutex_destroy+0xf3/0x130
[ 420.349602] Modules linked in:
[ 420.353262] CPU: 0 PID: 9658 Comm: syz-executor733 Not tainted 4.19.189-syzkaller #0
[ 420.361966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 420.372560] RIP: 0010:mutex_destroy+0xf3/0x130
[ 420.377563] Code: 03 38 d0 7c 04 84 d2 75 49 8b 05 78 f1 7a 0a 85 c0 0f 85 63 ff ff ff 48 c7 c6 a0 5c 09 88 48 c7 c7 e0 5c 09 88 e8 8e 42 3b 06 <0f> 0b e9 49 ff ff ff e8 51 fd 45 00 e9 35 ff ff ff e8 07 fe 45 00
[ 420.398178] RSP: 0018:ffff8881d0357db8 EFLAGS: 00010282
[ 420.403630] RAX: 0000000000000000 RBX: ffff8881d65aef40 RCX: 0000000000000000
[ 420.416869] RDX: 1ffffffff1322479 RSI: 0000000000000004 RDI: 0000000000000282
[ 420.425018] RBP: ffff8881d0357dc0 R08: fffffbfff132e741 R09: fffffbfff132e740
[ 420.434189] R10: fffffbfff132e740 R11: ffffffff89973a03 R12: ffff8881d65aef40
[ 420.443256] R13: ffff8881d65aee90 R14: ffffffff8c54e480 R15: 0000000000000000
[ 420.451353] FS: 00007f81b2235700(0000) GS:ffff8881f6400000(0000) knlGS:0000000000000000
[ 420.460761] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 420.467237] CR2: 00007ffeb9c49a10 CR3: 00000001ef81a002 CR4: 00000000001606f0
[ 420.476888] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 420.485299] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 420.493239] Call Trace:
[ 420.496296] dma_buf_release+0x456/0x560
[ 420.500627] __fput+0x249/0x7f0
[ 420.504000] ? _raw_spin_unlock_irq+0x27/0x90
[ 420.509030] ____fput+0x9/0x10
[ 420.512854] task_work_run+0x108/0x180
[ 420.517079] exit_to_usermode_loop+0x185/0x1e0
[ 420.522491] do_syscall_64+0x413/0x4e0
[ 420.526934] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 420.534114] RIP: 0033:0x44a299
[ 420.538022] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 420.558591] RSP: 002b:00007f81b2235308 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 420.567696] RAX: 0000000000000000 RBX: 00000000004cb528 RCX: 000000000044a299
[ 420.576075] RDX: 0000000020000040 RSI: 00000000c00464b4 RDI: 0000000000000005
[ 420.584134] RBP: 00000000004cb520 R08: 00007f81b2235700 R09: 0000000000000000
[ 420.592684] R10: 00007f81b2235700 R11: 0000000000000246 R12: 00000000004cb52c
[ 420.601125] R13: 000000000049b07c R14: 6972642f7665642f R15: 0000000000022000
[ 420.609214] irq event stamp: 17
[ 420.612927] hardirqs last enabled at (17): [] _raw_spin_unlock_irq+0x27/0x90
[ 420.622317] hardirqs last disabled at (16): [] _raw_spin_lock_irq+0x3c/0x90
[ 420.632072] softirqs last enabled at (0): [] copy_process.part.2+0x176b/0x7960
[ 420.642302] softirqs last disabled at (0): [<0000000000000000>] (null)
[ 420.650712] ---[ end trace c6e40909f002f85c ]---
[ 421.582274] ==================================================================
[ 421.590213] BUG: KASAN: use-after-free in __mutex_unlock_slowpath+0x9b/0x6a0
[ 421.599798] Read of size 8 at addr ffff8881dcaae180 by task syz-executor733/11488
[ 421.609510]
[ 421.611495] CPU: 1 PID: 11488 Comm: syz-executor733 Tainted: G W 4.19.189-syzkaller #0
[ 421.621844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 421.631946] Call Trace:
[ 421.635039] dump_stack+0x17c/0x226
[ 421.638858] print_address_description.cold.6+0x9/0x211
[ 421.645123] kasan_report.cold.7+0x242/0x2fe
[ 421.649958] ? __mutex_unlock_slowpath+0x9b/0x6a0
[ 421.655066] check_memory_region+0x13c/0x1b0
[ 421.660282] kasan_check_read+0x11/0x20
[ 421.664494] __mutex_unlock_slowpath+0x9b/0x6a0
[ 421.669175] ? wait_for_completion_io+0x20/0x20
[ 421.674309] ? reservation_object_add_shared_fence+0x417/0xd20
[ 421.680507] ww_mutex_unlock+0xe4/0x300
[ 421.684670] vgem_fence_attach_ioctl+0x481/0x580
[ 421.689851] drm_ioctl_kernel+0x1b7/0x240
[ 421.694229] ? __vgem_fence_idr_fini+0x40/0x40
[ 421.699258] ? drm_ioctl_permit+0x1a0/0x1a0
[ 421.703949] ? kasan_check_write+0x14/0x20
[ 421.708197] drm_ioctl+0x6a9/0xae0
[ 421.712071] ? __vgem_fence_idr_fini+0x40/0x40
[ 421.716679] ? drm_getstats+0x20/0x20
[ 421.720574] ? mark_held_locks+0x130/0x130
[ 421.724898] ? do_syscall_64+0xd0/0x4e0
[ 421.729502] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 421.735519] ? mark_held_locks+0x130/0x130
[ 421.739745] ? debug_check_no_obj_freed+0x1ed/0x430
[ 421.745158] ? lock_downgrade+0x860/0x860
[ 421.749545] do_vfs_ioctl+0x196/0x10c0
[ 421.753441] ? lock_downgrade+0x860/0x860
[ 421.757569] ? __fget+0x9e/0x400
[ 421.761115] ? ioctl_preallocate+0x1c0/0x1c0
[ 421.765875] ? __fget+0x2a2/0x400
[ 421.769405] ? do_dup2+0x3f0/0x3f0
[ 421.773538] ? do_futex+0x1550/0x1550
[ 421.777443] ? __fget_light+0x174/0x1e0
[ 421.781425] ksys_ioctl+0x62/0x90
[ 421.784958] ? trace_hardirqs_off_caller+0x1d/0x180
[ 421.790147] __x64_sys_ioctl+0x6e/0xb0
[ 421.794623] do_syscall_64+0xd0/0x4e0
[ 421.800985] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 421.806849] RIP: 0033:0x44a299
[ 421.810128] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 421.830113] RSP: 002b:00007f81b2277308 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 421.838070] RAX: ffffffffffffffda RBX: 00000000004cb508 RCX: 000000000044a299
[ 421.845677] RDX: 0000000020000140 RSI: 00000000c10c5541 RDI: 0000000000000005
[ 421.853687] RBP: 00000000004cb500 R08: 0000000000000000 R09: 0000000000000000
[ 421.861418] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004cb50c
[ 421.868689] R13: 000000000049b07c R14: 6972642f7665642f R15: 0000000000022000
[ 421.876240]
[ 421.877857] Allocated by task 11488:
[ 421.881739] kasan_kmalloc.part.1+0x62/0xf0
[ 421.887081] kasan_kmalloc+0xaf/0xc0
[ 421.891181] __kmalloc+0x15d/0x3d0
[ 421.895330] dma_buf_export+0x1b4/0x970
[ 421.899761] drm_gem_prime_export+0x16c/0x280
[ 421.904279] vgem_fence_attach_ioctl+0x3fe/0x580
[ 421.909282] drm_ioctl_kernel+0x1b7/0x240
[ 421.913795] drm_ioctl+0x6a9/0xae0
[ 421.917407] do_vfs_ioctl+0x196/0x10c0
[ 421.921366] ksys_ioctl+0x62/0x90
[ 421.925163] __x64_sys_ioctl+0x6e/0xb0
[ 421.929048] do_syscall_64+0xd0/0x4e0
[ 421.933189] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 421.938801]
[ 421.940616] Freed by task 11497:
[ 421.944059] __kasan_slab_free+0x13c/0x220
[ 421.949077] kasan_slab_free+0xe/0x10
[ 421.952965] kfree+0xcf/0x220
[ 421.956311] dma_buf_release+0x2db/0x560
[ 421.960527] __fput+0x249/0x7f0
[ 421.964187] ____fput+0x9/0x10
[ 421.967448] task_work_run+0x108/0x180
[ 421.971333] exit_to_usermode_loop+0x185/0x1e0
[ 421.976012] do_syscall_64+0x413/0x4e0
[ 421.979976] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 421.985820]
[ 421.987544] The buggy address belongs to the object at ffff8881dcaae000
[ 421.987544] which belongs to the cache kmalloc-1024 of size 1024
[ 422.001069] The buggy address is located 384 bytes inside of
[ 422.001069] 1024-byte region [ffff8881dcaae000, ffff8881dcaae400)
[ 422.013731] The buggy address belongs to the page:
[ 422.019631] page:ffffea000772ab80 count:1 mapcount:0 mapping:ffff8881f6000ac0 index:0x0 compound_mapcount: 0
[ 422.035121] flags: 0x17ff00000008100(slab|head)
[ 422.040197] raw: 017ff00000008100 ffffea0007ad2588 ffffea00078da808 ffff8881f6000ac0
[ 422.054545] raw: 0000000000000000 ffff8881dcaae000 0000000100000007 0000000000000000
[ 422.062493] page dumped because: kasan: bad access detected
[ 422.068640]
[ 422.070442] Memory state around the buggy address:
[ 422.075726] ffff8881dcaae080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 422.083499] ffff8881dcaae100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 422.091282] >ffff8881dcaae180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 422.099710] ^
[ 422.103151] ffff8881dcaae200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 422.111729] ffff8881dcaae280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 422.120038] ==================================================================
[ 426.104153] kasan: CONFIG_KASAN_INLINE enabled
[ 426.109878] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 426.126718] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 426.133527] CPU: 1 PID: 18448 Comm: syz-executor733 Tainted: G B W 4.19.189-syzkaller #0
[ 426.143886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 426.153987] RIP: 0010:vgem_fence_attach_ioctl+0x250/0x580
[ 426.160354] Code: 80 3c 02 00 0f 85 01 03 00 00 4d 8b bc 24 10 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bf e0 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 cd 02 00 00 49 8b 87 e0 00 00 00 4c 89 f2 48 c1
[ 426.182049] RSP: 0018:ffff8881f4557a70 EFLAGS: 00010202
[ 426.187432] RAX: dffffc0000000000 RBX: ffff8881d4b7ba40 RCX: 0000000000000000
[ 426.195084] RDX: 000000000000001c RSI: 0000000000000004 RDI: 00000000000000e0
[ 426.202624] RBP: ffff8881f4557ab0 R08: ffffed103eca4561 R09: ffffed103eca4560
[ 426.210651] R10: ffffed103eca4560 R11: ffff8881f6522b03 R12: ffff8881da028d40
[ 426.218536] R13: ffff8881e3a60540 R14: ffff8881d4b7ba44 R15: 0000000000000000
[ 426.226956] FS: 00007f81b2277700(0000) GS:ffff8881f6500000(0000) knlGS:0000000000000000
[ 426.236258] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 426.242219] CR2: 00007ffeb9c49a10 CR3: 00000001f3f8d002 CR4: 00000000001606e0
[ 426.249651] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 426.257119] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 426.265023] Call Trace:
[ 426.267844] drm_ioctl_kernel+0x1b7/0x240
[ 426.272415] ? __vgem_fence_idr_fini+0x40/0x40
[ 426.277019] ? drm_ioctl_permit+0x1a0/0x1a0
[ 426.281653] ? kasan_check_write+0x14/0x20
[ 426.286000] drm_ioctl+0x6a9/0xae0
[ 426.290451] ? __vgem_fence_idr_fini+0x40/0x40
[ 426.295158] ? drm_getstats+0x20/0x20
[ 426.298953] ? mark_held_locks+0x130/0x130
[ 426.303174] ? do_syscall_64+0xd0/0x4e0
[ 426.307147] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 426.313096] ? mark_held_locks+0x130/0x130
[ 426.317663] ? debug_check_no_obj_freed+0x1ed/0x430
[ 426.323268] ? lock_downgrade+0x860/0x860
[ 426.327805] do_vfs_ioctl+0x196/0x10c0
[ 426.331771] ? lock_downgrade+0x860/0x860
[ 426.336175] ? __fget+0x9e/0x400
[ 426.339756] ? ioctl_preallocate+0x1c0/0x1c0
[ 426.344413] ? __fget+0x2a2/0x400
[ 426.347853] ? do_dup2+0x3f0/0x3f0
[ 426.351562] ? do_futex+0x1550/0x1550
[ 426.355375] ? __fget_light+0x174/0x1e0
[ 426.359547] ksys_ioctl+0x62/0x90
[ 426.363099] ? trace_hardirqs_off_caller+0x1d/0x180
[ 426.368131] __x64_sys_ioctl+0x6e/0xb0
[ 426.372205] do_syscall_64+0xd0/0x4e0
[ 426.376382] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 426.381845] RIP: 0033:0x44a299
[ 426.385602] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 426.405181] RSP: 002b:00007f81b2277308 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 426.414450] RAX: ffffffffffffffda RBX: 00000000004cb508 RCX: 000000000044a299
[ 426.422603] RDX: 0000000020000140 RSI: 00000000c10c5541 RDI: 0000000000000005
[ 426.431112] RBP: 00000000004cb500 R08: 0000000000000000 R09: 0000000000000000
[ 426.439127] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004cb50c
[ 426.446850] R13: 000000000049b07c R14: 6972642f7665642f R15: 0000000000022000
[ 426.454637] Modules linked in:
[ 426.459357] ---[ end trace c6e40909f002f85d ]---
[ 426.465779] RIP: 0010:vgem_fence_attach_ioctl+0x250/0x580
[ 426.475708] Code: 80 3c 02 00 0f 85 01 03 00 00 4d 8b bc 24 10 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bf e0 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 cd 02 00 00 49 8b 87 e0 00 00 00 4c 89 f2 48 c1
[ 426.513717] RSP: 0018:ffff8881f4557a70 EFLAGS: 00010202
[ 426.521491] RAX: dffffc0000000000 RBX: ffff8881d4b7ba40 RCX: 0000000000000000
[ 426.530898] RDX: 000000000000001c RSI: 0000000000000004 RDI: 00000000000000e0
[ 426.542676] RBP: ffff8881f4557ab0 R08: ffffed103eca4561 R09: ffffed103eca4560
[ 426.554490] R10: ffffed103eca4560 R11: ffff8881f6522b03 R12: ffff8881da028d40
[ 426.565744] R13: ffff8881e3a60540 R14: ffff8881d4b7ba44 R15: 0000000000000000
[ 426.576230] FS: 00007f81b2277700(0000) GS:ffff8881f6400000(0000) knlGS:0000000000000000
[ 426.589345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 426.598538] CR2: 00007f81b2276ee8 CR3: 00000001f3f8d002 CR4: 00000000001606f0
[ 426.607859] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 426.618488] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 426.628526] Kernel panic - not syncing: Fatal exception
[ 426.635930] Kernel Offset: disabled
[ 426.640242] Rebooting in 86400 seconds..