OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.189' (ECDSA) to the list of known hosts.
2022/10/16 07:43:39 fuzzer started
2022/10/16 07:43:39 dialing manager at 10.128.0.163:34051
2022/10/16 07:43:39 syscalls: 3546
2022/10/16 07:43:39 code coverage: enabled
2022/10/16 07:43:39 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument
2022/10/16 07:43:39 extra coverage: extra coverage is not supported by the kernel
2022/10/16 07:43:39 delay kcov mmap: mmap returned an invalid pointer
2022/10/16 07:43:39 setuid sandbox: enabled
2022/10/16 07:43:39 namespace sandbox: enabled
2022/10/16 07:43:39 Android sandbox: /sys/fs/selinux/policy does not exist
2022/10/16 07:43:39 fault injection: enabled
2022/10/16 07:43:39 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2022/10/16 07:43:39 net packet injection: enabled
2022/10/16 07:43:39 net device setup: enabled
2022/10/16 07:43:39 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/10/16 07:43:39 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/10/16 07:43:39 NIC VF setup: PCI device 0000:00:11.0 is not available
2022/10/16 07:43:39 USB emulation: /dev/raw-gadget does not exist
2022/10/16 07:43:39 hci packet injection: enabled
2022/10/16 07:43:39 wifi device emulation: kernel 4.17 required (have 4.14.295-syzkaller)
2022/10/16 07:43:39 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
2022/10/16 07:43:39 fetching corpus: 0, signal 0/2000 (executing program)
2022/10/16 07:43:40 fetching corpus: 50, signal 42993/46772 (executing program)
2022/10/16 07:43:40 fetching corpus: 100, signal 69396/74870 (executing program)
2022/10/16 07:43:40 fetching corpus: 150, signal 86713/93853 (executing program)
2022/10/16 07:43:40 fetching corpus: 200, signal 101340/110109 (executing program)
2022/10/16 07:43:40 fetching corpus: 250, signal 110974/121367 (executing program)
2022/10/16 07:43:40 fetching corpus: 300, signal 118486/130468 (executing program)
2022/10/16 07:43:41 fetching corpus: 350, signal 128251/141767 (executing program)
2022/10/16 07:43:41 fetching corpus: 400, signal 138208/153233 (executing program)
2022/10/16 07:43:41 fetching corpus: 450, signal 144146/160722 (executing program)
2022/10/16 07:43:41 fetching corpus: 500, signal 153446/171470 (executing program)
2022/10/16 07:43:41 fetching corpus: 550, signal 164395/183744 (executing program)
2022/10/16 07:43:42 fetching corpus: 600, signal 171593/192346 (executing program)
2022/10/16 07:43:42 fetching corpus: 650, signal 177103/199276 (executing program)
2022/10/16 07:43:42 fetching corpus: 700, signal 183605/207109 (executing program)
2022/10/16 07:43:42 fetching corpus: 750, signal 189612/214505 (executing program)
2022/10/16 07:43:42 fetching corpus: 800, signal 195277/221525 (executing program)
2022/10/16 07:43:43 fetching corpus: 850, signal 200023/227631 (executing program)
2022/10/16 07:43:52 fetching corpus: 900, signal 204685/233622 (executing program)
syzkaller login: [ 39.145515] ==================================================================
[ 39.152991] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x1360/0x17d0
[ 39.160334] Read of size 8 at addr ffff888095f27b68 by task syz-fuzzer/7994
[ 39.167410]
[ 39.169021] CPU: 1 PID: 7994 Comm: syz-fuzzer Not tainted 4.14.295-syzkaller #0
[ 39.176445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 39.185821] Call Trace:
[ 39.188384]
[ 39.190517] dump_stack+0x1b2/0x281
[ 39.194126] print_address_description.cold+0x54/0x1d3
[ 39.199383] kasan_report_error.cold+0x8a/0x191
[ 39.204028] ? unwind_next_frame+0x1360/0x17d0
[ 39.208600] __asan_report_load8_noabort+0x68/0x70
[ 39.213517] ? unwind_next_frame+0x1360/0x17d0
[ 39.218077] unwind_next_frame+0x1360/0x17d0
[ 39.222473] ? retint_kernel+0x2d/0x2d
[ 39.226350] ? deref_stack_reg+0x1a0/0x1a0
[ 39.230572] ? retint_kernel+0x2d/0x2d
[ 39.234440] __save_stack_trace+0x90/0x160
[ 39.238665] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 39.244090] ? ep_read_events_proc+0x440/0x440
[ 39.248650] kasan_kmalloc+0xeb/0x160
[ 39.252426] ? kasan_kmalloc+0xeb/0x160
[ 39.256379] ? kmem_cache_alloc_node+0x133/0x410
[ 39.261114] ? __alloc_skb+0x5c/0x510
[ 39.264911] ? __napi_alloc_skb+0x57/0x2d0
[ 39.269134] ? page_to_skb+0x7b/0x820
[ 39.272912] ? receive_buf+0x1f71/0x4d70
[ 39.276951] ? virtnet_poll+0x4b7/0x960
[ 39.280906] ? net_rx_action+0x466/0xfd0
[ 39.284942] ? __do_softirq+0x24d/0x9ff
[ 39.288905] ? irq_exit+0x193/0x240
[ 39.292526] ? do_IRQ+0x112/0x1d0
[ 39.295969] ? common_interrupt+0x93/0x93
[ 39.300106] ? lock_acquire+0x97/0x3f0
[ 39.305547] ? ep_scan_ready_list+0x637/0x7e0
[ 39.310020] ? retint_kernel+0x2d/0x2d
[ 39.313888] ? ip_local_deliver+0x460/0x460
[ 39.318186] ? consume_skb+0x27d/0x380
[ 39.322052] ? ip_local_deliver_finish+0xab0/0xab0
[ 39.326964] ? __lock_acquire+0x5fc/0x3f20
[ 39.331179] ? is_skb_forwardable+0x1e0/0x1e0
[ 39.335653] ? tcp4_gro_receive+0x498/0x790
[ 39.339953] ? should_fail+0x327/0x3f0
[ 39.343822] ? kmem_cache_alloc_node+0x2f8/0x410
[ 39.348556] kmem_cache_alloc_node+0x133/0x410
[ 39.353119] __alloc_skb+0x5c/0x510
[ 39.356808] __napi_alloc_skb+0x57/0x2d0
[ 39.360852] page_to_skb+0x7b/0x820
[ 39.364459] receive_buf+0x1f71/0x4d70
[ 39.368329] ? __lock_acquire+0x5fc/0x3f20
[ 39.372538] ? virtnet_xdp_xmit.constprop.0+0x780/0x780
[ 39.377880] ? detach_buf+0x422/0x580
[ 39.381662] ? __lock_acquire+0x5fc/0x3f20
[ 39.385877] ? virtqueue_get_buf_ctx+0x3d9/0x6b0
[ 39.390615] ? check_preemption_disabled+0x35/0x240
[ 39.395607] virtnet_poll+0x4b7/0x960
[ 39.399393] ? try_fill_recv+0x17b0/0x17b0
[ 39.403606] ? net_rx_action+0x244/0xfd0
[ 39.407644] net_rx_action+0x466/0xfd0
[ 39.411510] ? napi_gro_frags+0x8f0/0x8f0
[ 39.415636] ? sched_clock+0x2a/0x40
[ 39.419327] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 39.424756] __do_softirq+0x24d/0x9ff
[ 39.428533] ? check_preemption_disabled+0x35/0x240
[ 39.433527] irq_exit+0x193/0x240
[ 39.436955] do_IRQ+0x112/0x1d0
[ 39.440212] common_interrupt+0x93/0x93
[ 39.444162]
[ 39.446379] RIP: 0010:lock_acquire+0x97/0x3f0
[ 39.450847] RSP: 0018:ffff888095f27a48 EFLAGS: 00000286 ORIG_RAX: ffffffffffffffad
[ 39.458529] RAX: 1ffffffff11e1358 RBX: ffff8880b3650480 RCX: 0000000000000000
[ 39.465774] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffff8880b3650d04
[ 39.473018] RBP: ffff8880b4754118 R08: 0000000000000001 R09: 0000000000000000
[ 39.480263] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 39.487507] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
[ 39.494768] ? ep_scan_ready_list+0x637/0x7e0
[ 39.499244] ep_scan_ready_list+0x637/0x7e0
[ 39.503543] ? __mutex_lock+0xc4/0x1310
[ 39.507492] ? ep_scan_ready_list+0x637/0x7e0
[ 39.511963] ? retint_kernel+0x2d/0x2d
[ 39.515830] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 39.520826] ? ep_scan_ready_list+0x637/0x7e0
[ 39.525297] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 39.530722] retint_kernel+0x2d/0x2d
[ 39.534413] RIP: b4754080:ep_send_events_proc+0x0/0x9c0
[ 39.539752] RSP: 95f27c58:0000000000000000 EFLAGS: ffff888095f27d78 ORIG_RAX: ffffffffffffffad
[ 39.548476] RAX: ffff8880b3650480 RBX: ffffffff81967220 RCX: 1ffff11012be4f87
[ 39.555721] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880b47540b8
[ 39.562967] RBP: ffff8880b4754080 R08: 0000000000000000 R09: 0000000000000000
[ 39.570210] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888095f27d78
[ 39.577456] R13: 0000000000000000 R14: ffff888095f27c58 R15: 0000000000000000
[ 39.584709] ? ep_read_events_proc+0x440/0x440
[ 39.589272] ? ep_scan_ready_list+0x637/0x7e0
[ 39.593743] ? lock_downgrade+0x740/0x740
[ 39.597868] ? ep_eventpoll_release+0x60/0x60
[ 39.602337] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 39.607425] ? ep_poll+0x234/0xa50
[ 39.610953] ? ep_poll_readyevents_proc+0x90/0x90
[ 39.615771] ? lock_downgrade+0x740/0x740
[ 39.619900] ? __fget+0x265/0x3e0
[ 39.623335] ? wake_up_q+0xd0/0xd0
[ 39.626855] ? SyS_epoll_wait+0x150/0x1a0
[ 39.630978] ? SyS_epoll_pwait+0x1e9/0x230
[ 39.635189] ? SyS_epoll_wait+0x1a0/0x1a0
[ 39.639312] ? kernel_write+0x110/0x110
[ 39.643263] ? __do_page_fault+0x159/0xad0
[ 39.647474] ? do_syscall_64+0x4c/0x640
[ 39.651424] ? SyS_epoll_wait+0x1a0/0x1a0
[ 39.655547] ? do_syscall_64+0x1d5/0x640
[ 39.659611] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 39.664952]
[ 39.666555] The buggy address belongs to the page:
[ 39.671458] page:ffffea000257c9c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 39.679583] flags: 0xfff00000000000()
[ 39.683359] raw: 00fff00000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 39.691304] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 39.699159] page dumped because: kasan: bad access detected
[ 39.704839]
[ 39.706441] Memory state around the buggy address:
[ 39.711346] ffff888095f27a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.718693] ffff888095f27a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.726022] >ffff888095f27b00: 00 f1 f1 f1 f1 00 00 00 f2 00 00 00 f2 f2 f2 00
[ 39.733352] ^
[ 39.740075] ffff888095f27b80: 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00
[ 39.747404] ffff888095f27c00: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3 00
[ 39.754735] ==================================================================
[ 39.762065] Disabling lock debugging due to kernel taint
[ 39.767528] Kernel panic - not syncing: panic_on_warn set ...
[ 39.767528]
[ 39.774972] CPU: 1 PID: 7994 Comm: syz-fuzzer Tainted: G B 4.14.295-syzkaller #0
[ 39.783617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 39.792951] Call Trace:
[ 39.795526]
[ 39.797669] dump_stack+0x1b2/0x281
[ 39.801290] panic+0x1f9/0x42d
[ 39.804474] ? add_taint.cold+0x16/0x16
[ 39.808434] kasan_end_report+0x43/0x49
[ 39.812381] kasan_report_error.cold+0xa7/0x191
[ 39.817023] ? unwind_next_frame+0x1360/0x17d0
[ 39.821578] __asan_report_load8_noabort+0x68/0x70
[ 39.826484] ? unwind_next_frame+0x1360/0x17d0
[ 39.831038] unwind_next_frame+0x1360/0x17d0
[ 39.835419] ? retint_kernel+0x2d/0x2d
[ 39.839366] ? deref_stack_reg+0x1a0/0x1a0
[ 39.843571] ? retint_kernel+0x2d/0x2d
[ 39.847433] __save_stack_trace+0x90/0x160
[ 39.851642] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 39.857063] ? ep_read_events_proc+0x440/0x440
[ 39.861639] kasan_kmalloc+0xeb/0x160
[ 39.865411] ? kasan_kmalloc+0xeb/0x160
[ 39.869359] ? kmem_cache_alloc_node+0x133/0x410
[ 39.874086] ? __alloc_skb+0x5c/0x510
[ 39.877855] ? __napi_alloc_skb+0x57/0x2d0
[ 39.882059] ? page_to_skb+0x7b/0x820
[ 39.885830] ? receive_buf+0x1f71/0x4d70
[ 39.889861] ? virtnet_poll+0x4b7/0x960
[ 39.893810] ? net_rx_action+0x466/0xfd0
[ 39.897841] ? __do_softirq+0x24d/0x9ff
[ 39.901872] ? irq_exit+0x193/0x240
[ 39.905473] ? do_IRQ+0x112/0x1d0
[ 39.908905] ? common_interrupt+0x93/0x93
[ 39.913034] ? lock_acquire+0x97/0x3f0
[ 39.916920] ? ep_scan_ready_list+0x637/0x7e0
[ 39.921384] ? retint_kernel+0x2d/0x2d
[ 39.925244] ? ip_local_deliver+0x460/0x460
[ 39.929536] ? consume_skb+0x27d/0x380
[ 39.933394] ? ip_local_deliver_finish+0xab0/0xab0
[ 39.938297] ? __lock_acquire+0x5fc/0x3f20
[ 39.942504] ? is_skb_forwardable+0x1e0/0x1e0
[ 39.946972] ? tcp4_gro_receive+0x498/0x790
[ 39.951262] ? should_fail+0x327/0x3f0
[ 39.955121] ? kmem_cache_alloc_node+0x2f8/0x410
[ 39.959851] kmem_cache_alloc_node+0x133/0x410
[ 39.964407] __alloc_skb+0x5c/0x510
[ 39.968005] __napi_alloc_skb+0x57/0x2d0
[ 39.972038] page_to_skb+0x7b/0x820
[ 39.975636] receive_buf+0x1f71/0x4d70
[ 39.979501] ? __lock_acquire+0x5fc/0x3f20
[ 39.983707] ? virtnet_xdp_xmit.constprop.0+0x780/0x780
[ 39.989045] ? detach_buf+0x422/0x580
[ 39.992819] ? __lock_acquire+0x5fc/0x3f20
[ 39.997029] ? virtqueue_get_buf_ctx+0x3d9/0x6b0
[ 40.001940] ? check_preemption_disabled+0x35/0x240
[ 40.006936] virtnet_poll+0x4b7/0x960
[ 40.010709] ? try_fill_recv+0x17b0/0x17b0
[ 40.014918] ? net_rx_action+0x244/0xfd0
[ 40.018972] net_rx_action+0x466/0xfd0
[ 40.022832] ? napi_gro_frags+0x8f0/0x8f0
[ 40.026952] ? sched_clock+0x2a/0x40
[ 40.030640] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 40.036078] __do_softirq+0x24d/0x9ff
[ 40.039854] ? check_preemption_disabled+0x35/0x240
[ 40.044842] irq_exit+0x193/0x240
[ 40.048268] do_IRQ+0x112/0x1d0
[ 40.051518] common_interrupt+0x93/0x93
[ 40.055460]
[ 40.057670] RIP: 0010:lock_acquire+0x97/0x3f0
[ 40.062136] RSP: 0018:ffff888095f27a48 EFLAGS: 00000286 ORIG_RAX: ffffffffffffffad
[ 40.069819] RAX: 1ffffffff11e1358 RBX: ffff8880b3650480 RCX: 0000000000000000
[ 40.077065] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffff8880b3650d04
[ 40.084306] RBP: ffff8880b4754118 R08: 0000000000000001 R09: 0000000000000000
[ 40.091545] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 40.098789] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
[ 40.106041] ? ep_scan_ready_list+0x637/0x7e0
[ 40.110508] ep_scan_ready_list+0x637/0x7e0
[ 40.114802] ? __mutex_lock+0xc4/0x1310
[ 40.118747] ? ep_scan_ready_list+0x637/0x7e0
[ 40.123215] ? retint_kernel+0x2d/0x2d
[ 40.127074] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 40.132063] ? ep_scan_ready_list+0x637/0x7e0
[ 40.136529] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 40.141953] retint_kernel+0x2d/0x2d
[ 40.145638] RIP: b4754080:ep_send_events_proc+0x0/0x9c0
[ 40.151059] RSP: 95f27c58:0000000000000000 EFLAGS: ffff888095f27d78 ORIG_RAX: ffffffffffffffad
[ 40.159778] RAX: ffff8880b3650480 RBX: ffffffff81967220 RCX: 1ffff11012be4f87
[ 40.167020] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880b47540b8
[ 40.174268] RBP: ffff8880b4754080 R08: 0000000000000000 R09: 0000000000000000
[ 40.181514] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888095f27d78
[ 40.188761] R13: 0000000000000000 R14: ffff888095f27c58 R15: 0000000000000000
[ 40.196016] ? ep_read_events_proc+0x440/0x440
[ 40.200577] ? ep_scan_ready_list+0x637/0x7e0
[ 40.205051] ? lock_downgrade+0x740/0x740
[ 40.209171] ? ep_eventpoll_release+0x60/0x60
[ 40.213639] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 40.218726] ? ep_poll+0x234/0xa50
[ 40.222242] ? ep_poll_readyevents_proc+0x90/0x90
[ 40.227057] ? lock_downgrade+0x740/0x740
[ 40.231188] ? __fget+0x265/0x3e0
[ 40.234614] ? wake_up_q+0xd0/0xd0
[ 40.238129] ? SyS_epoll_wait+0x150/0x1a0
[ 40.242247] ? SyS_epoll_pwait+0x1e9/0x230
[ 40.246456] ? SyS_epoll_wait+0x1a0/0x1a0
[ 40.250577] ? kernel_write+0x110/0x110
[ 40.254522] ? __do_page_fault+0x159/0xad0
[ 40.258738] ? do_syscall_64+0x4c/0x640
[ 40.262694] ? SyS_epoll_wait+0x1a0/0x1a0
[ 40.266813] ? do_syscall_64+0x1d5/0x640
[ 40.270849] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 40.276352] Kernel Offset: disabled
[ 40.279956] Rebooting in 86400 seconds..