[�[0;32m OK �[0m] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.79' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 35.563031] ==================================================================
[ 35.570549] BUG: KASAN: use-after-free in __list_add_valid+0x81/0xa0
[ 35.577239] Read of size 8 at addr ffff88808d7853c0 by task syz-executor190/8123
[ 35.584765]
[ 35.586403] CPU: 1 PID: 8123 Comm: syz-executor190 Not tainted 4.19.194-syzkaller #0
[ 35.594291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.603758] Call Trace:
[ 35.606515] dump_stack+0x1fc/0x2ef
[ 35.610162] print_address_description.cold+0x54/0x219
[ 35.615458] kasan_report_error.cold+0x8a/0x1b9
[ 35.620131] ? __list_add_valid+0x81/0xa0
[ 35.624277] __asan_report_load8_noabort+0x88/0x90
[ 35.629222] ? __list_add_valid+0x81/0xa0
[ 35.633378] __list_add_valid+0x81/0xa0
[ 35.637349] chrdev_open+0x4b9/0x770
[ 35.641055] ? __register_chrdev+0x400/0x400
[ 35.645458] do_dentry_open+0x4aa/0x1160
[ 35.649654] ? __register_chrdev+0x400/0x400
[ 35.654060] ? inode_permission.part.0+0x10c/0x450
[ 35.658998] ? chown_common+0x550/0x550
[ 35.662994] ? inode_permission+0x3d/0x140
[ 35.667298] path_openat+0x793/0x2df0
[ 35.671352] ? path_lookupat+0x8d0/0x8d0
[ 35.675411] ? mark_held_locks+0xf0/0xf0
[ 35.679465] do_filp_open+0x18c/0x3f0
[ 35.683261] ? may_open_dev+0xf0/0xf0
[ 35.687418] ? lock_downgrade+0x720/0x720
[ 35.691756] ? lock_acquire+0x170/0x3c0
[ 35.695985] ? __alloc_fd+0x34/0x570
[ 35.699693] ? do_raw_spin_unlock+0x171/0x230
[ 35.704192] ? _raw_spin_unlock+0x29/0x40
[ 35.708347] ? __alloc_fd+0x28d/0x570
[ 35.712150] do_sys_open+0x3b3/0x520
[ 35.715950] ? filp_open+0x70/0x70
[ 35.719528] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.724888] ? trace_hardirqs_off_caller+0x6e/0x210
[ 35.729916] ? do_syscall_64+0x21/0x620
[ 35.733906] do_syscall_64+0xf9/0x620
[ 35.737823] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.743024] RIP: 0033:0x446799
[ 35.746270] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 35.765269] RSP: 002b:00007f658e3632f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 35.773018] RAX: ffffffffffffffda RBX: 00000000004d0510 RCX: 0000000000446799
[ 35.780294] RDX: 0000000000000000 RSI: 0000000020002040 RDI: 00000000ffffff9c
[ 35.787605] RBP: 00000000004a0144 R08: 0000000000000000 R09: 0000000000000000
[ 35.794908] R10: 0000000000000000 R11: 0000000000000246 R12: 2f30656c69662f2e
[ 35.802214] R13: 000000000049e140 R14: 8000000000000000 R15: 00000000004d0518
[ 35.809685]
[ 35.811316] Allocated by task 8113:
[ 35.814952] kmem_cache_alloc+0x122/0x370
[ 35.819206] fuse_alloc_inode+0x1d/0x3f0
[ 35.823297] alloc_inode+0x5d/0x180
[ 35.826933] iget5_locked+0x57/0xd0
[ 35.830651] fuse_iget+0x1a6/0x800
[ 35.834202] fuse_lookup_name+0x413/0x5c0
[ 35.838441] fuse_lookup+0xdf/0x410
[ 35.842091] __lookup_slow+0x246/0x4a0
[ 35.845981] walk_component+0x7ac/0xda0
[ 35.849959] path_lookupat+0x1ff/0x8d0
[ 35.853867] filename_lookup+0x1ac/0x5a0
[ 35.858020] vfs_statx+0x113/0x210
[ 35.861567] __se_sys_newfstatat+0x9e/0x120
[ 35.866173] do_syscall_64+0xf9/0x620
[ 35.870090] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.875291]
[ 35.876946] Freed by task 0:
[ 35.879971] kmem_cache_free+0x7f/0x260
[ 35.883954] rcu_process_callbacks+0x8ff/0x18b0
[ 35.888652] __do_softirq+0x265/0x980
[ 35.892469]
[ 35.894106] The buggy address belongs to the object at ffff88808d785040
[ 35.894106] which belongs to the cache fuse_inode of size 1264
[ 35.907261] The buggy address is located 896 bytes inside of
[ 35.907261] 1264-byte region [ffff88808d785040, ffff88808d785530)
[ 35.919331] The buggy address belongs to the page:
[ 35.924619] page:ffffea000235e140 count:1 mapcount:0 mapping:ffff8882395b8e00 index:0xffff88808d785ffe
[ 35.934243] flags: 0xfff00000000100(slab)
[ 35.938733] raw: 00fff00000000100 ffff8880b0e5a648 ffffea00022e01c8 ffff8882395b8e00
[ 35.946723] raw: ffff88808d785ffe ffff88808d785040 0000000100000002 0000000000000000
[ 35.954676] page dumped because: kasan: bad access detected
[ 35.960439]
[ 35.962066] Memory state around the buggy address:
[ 35.966996] ffff88808d785280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.974358] ffff88808d785300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.981725] >ffff88808d785380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.989193] ^
[ 35.994738] ffff88808d785400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.002101] ffff88808d785480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.009651] ==================================================================
[ 36.017023] Disabling lock debugging due to kernel taint
[ 36.022872] Kernel panic - not syncing: panic_on_warn set ...
[ 36.022872]
[ 36.030269] CPU: 1 PID: 8123 Comm: syz-executor190 Tainted: G B 4.19.194-syzkaller #0
[ 36.039676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.049035] Call Trace:
[ 36.051670] dump_stack+0x1fc/0x2ef
[ 36.055311] panic+0x26a/0x50e
[ 36.058525] ? __warn_printk+0xf3/0xf3
[ 36.062543] ? retint_kernel+0x2d/0x2d
[ 36.066544] ? trace_hardirqs_on+0x55/0x210
[ 36.070892] kasan_end_report+0x43/0x49
[ 36.074966] kasan_report_error.cold+0xa7/0x1b9
[ 36.079641] ? __list_add_valid+0x81/0xa0
[ 36.083889] __asan_report_load8_noabort+0x88/0x90
[ 36.088810] ? __list_add_valid+0x81/0xa0
[ 36.092962] __list_add_valid+0x81/0xa0
[ 36.096942] chrdev_open+0x4b9/0x770
[ 36.100673] ? __register_chrdev+0x400/0x400
[ 36.105072] do_dentry_open+0x4aa/0x1160
[ 36.111206] ? __register_chrdev+0x400/0x400
[ 36.115602] ? inode_permission.part.0+0x10c/0x450
[ 36.120558] ? chown_common+0x550/0x550
[ 36.124629] ? inode_permission+0x3d/0x140
[ 36.129025] path_openat+0x793/0x2df0
[ 36.132830] ? path_lookupat+0x8d0/0x8d0
[ 36.137065] ? mark_held_locks+0xf0/0xf0
[ 36.141129] do_filp_open+0x18c/0x3f0
[ 36.144915] ? may_open_dev+0xf0/0xf0
[ 36.148718] ? lock_downgrade+0x720/0x720
[ 36.152851] ? lock_acquire+0x170/0x3c0
[ 36.156811] ? __alloc_fd+0x34/0x570
[ 36.160524] ? do_raw_spin_unlock+0x171/0x230
[ 36.165015] ? _raw_spin_unlock+0x29/0x40
[ 36.169151] ? __alloc_fd+0x28d/0x570
[ 36.173030] do_sys_open+0x3b3/0x520
[ 36.176738] ? filp_open+0x70/0x70
[ 36.180280] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.185837] ? trace_hardirqs_off_caller+0x6e/0x210
[ 36.190889] ? do_syscall_64+0x21/0x620
[ 36.195277] do_syscall_64+0xf9/0x620
[ 36.199071] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.204348] RIP: 0033:0x446799
[ 36.207981] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 36.227429] RSP: 002b:00007f658e3632f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 36.235360] RAX: ffffffffffffffda RBX: 00000000004d0510 RCX: 0000000000446799
[ 36.242911] RDX: 0000000000000000 RSI: 0000000020002040 RDI: 00000000ffffff9c
[ 36.250273] RBP: 00000000004a0144 R08: 0000000000000000 R09: 0000000000000000
[ 36.257549] R10: 0000000000000000 R11: 0000000000000246 R12: 2f30656c69662f2e
[ 36.264805] R13: 000000000049e140 R14: 8000000000000000 R15: 00000000004d0518
[ 36.273139] Kernel Offset: disabled
[ 36.276762] Rebooting in 86400 seconds..