Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
2021/04/24 23:56:24 fuzzer started
2021/04/24 23:56:25 dialing manager at 10.128.0.169:43581
2021/04/24 23:56:25 syscalls: 3560
2021/04/24 23:56:25 code coverage: enabled
2021/04/24 23:56:25 comparison tracing: enabled
2021/04/24 23:56:25 extra coverage: enabled
2021/04/24 23:56:25 setuid sandbox: enabled
2021/04/24 23:56:25 namespace sandbox: enabled
2021/04/24 23:56:25 Android sandbox: /sys/fs/selinux/policy does not exist
2021/04/24 23:56:25 fault injection: enabled
2021/04/24 23:56:25 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/04/24 23:56:25 net packet injection: enabled
2021/04/24 23:56:25 net device setup: enabled
2021/04/24 23:56:25 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/04/24 23:56:25 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/04/24 23:56:25 USB emulation: enabled
2021/04/24 23:56:25 hci packet injection: enabled
2021/04/24 23:56:25 wifi device emulation: enabled
2021/04/24 23:56:25 802.15.4 emulation: enabled
2021/04/24 23:56:25 fetching corpus: 0, signal 0/2000 (executing program)
syzkaller login: [ 70.341858][ T4827] general protection fault, probably for non-canonical address 0xdffffc00000000cd: 0000 [#1] PREEMPT SMP KASAN
[ 70.353618][ T4827] KASAN: null-ptr-deref in range [0x0000000000000668-0x000000000000066f]
[ 70.362046][ T4827] CPU: 0 PID: 4827 Comm: kworker/0:3 Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
[ 70.371700][ T4827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.381775][ T4827] Workqueue: cgroup_destroy css_free_rwork_fn
[ 70.387890][ T4827] RIP: 0010:css_free_rwork_fn+0xe2/0x10f0
[ 70.393643][ T4827] Code: ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 64 04 00 00 48 8d 7d 20 8b 5b a0 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 9d 0d 00 00 4c 89 f7 ff 55 20 48 c7 c7 e0 bd fb
[ 70.413331][ T4827] RSP: 0018:ffffc9000b8e7cc8 EFLAGS: 00010203
[ 70.419423][ T4827] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 70.427419][ T4827] RDX: 00000000000000cd RSI: ffffffff816e6972 RDI: 000000000000066e
[ 70.435412][ T4827] RBP: 000000000000064e R08: 0000000000000001 R09: ffffffff90207957
[ 70.443750][ T4827] R10: 0000000000000001 R11: 0000000000084087 R12: 00000870ffffea00
[ 70.451723][ T4827] R13: ffff8880290a0000 R14: ffff888014528000 R15: ffff8880b9c34a80
[ 70.459688][ T4827] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 70.468780][ T4827] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 70.475756][ T4827] CR2: 00007fe2b482f6b8 CR3: 0000000024405000 CR4: 00000000001506f0
[ 70.483772][ T4827] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 70.491738][ T4827] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 70.499724][ T4827] Call Trace:
[ 70.503022][ T4827] process_one_work+0x98d/0x1600
[ 70.507970][ T4827] ? pwq_dec_nr_in_flight+0x320/0x320
[ 70.513353][ T4827] ? rwlock_bug.part.0+0x90/0x90
[ 70.518279][ T4827] ? _raw_spin_lock_irq+0x41/0x50
[ 70.523392][ T4827] worker_thread+0x64c/0x1120
[ 70.528338][ T4827] ? __kthread_parkme+0x13f/0x1e0
[ 70.533372][ T4827] ? process_one_work+0x1600/0x1600
[ 70.538663][ T4827] kthread+0x3b1/0x4a0
[ 70.542724][ T4827] ? __kthread_bind_mask+0xc0/0xc0
[ 70.547847][ T4827] ret_from_fork+0x1f/0x30
[ 70.552362][ T4827] Modules linked in:
[ 70.562115][ T4827] ---[ end trace ca06c9e83614f55b ]---
[ 70.569567][ T4827] RIP: 0010:css_free_rwork_fn+0xe2/0x10f0
[ 70.576809][ T4827] Code: ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 64 04 00 00 48 8d 7d 20 8b 5b a0 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 9d 0d 00 00 4c 89 f7 ff 55 20 48 c7 c7 e0 bd fb
[ 70.600253][ T4827] RSP: 0018:ffffc9000b8e7cc8 EFLAGS: 00010203
[ 70.607891][ T4827] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 70.616325][ T4827] RDX: 00000000000000cd RSI: ffffffff816e6972 RDI: 000000000000066e
[ 70.624622][ T4827] RBP: 000000000000064e R08: 0000000000000001 R09: ffffffff90207957
[ 70.633149][ T4827] R10: 0000000000000001 R11: 0000000000084087 R12: 00000870ffffea00
[ 70.641581][ T4827] R13: ffff8880290a0000 R14: ffff888014528000 R15: ffff8880b9c34a80
[ 70.649834][ T4827] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 70.659164][ T4827] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 70.666076][ T4827] CR2: 00007ff17803f028 CR3: 0000000013177000 CR4: 00000000001506f0
[ 70.674481][ T4827] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 70.682923][ T4827] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 70.691398][ T4827] Kernel panic - not syncing: Fatal exception
[ 70.698526][ T4827] Kernel Offset: disabled
[ 70.703701][ T4827] Rebooting in 86400 seconds..