Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.113' (ECDSA) to the list of known hosts.
2021/05/01 16:32:19 fuzzer started
2021/05/01 16:32:19 dialing manager at 10.128.0.169:44661
2021/05/01 16:32:20 syscalls: 3571
2021/05/01 16:32:20 code coverage: enabled
2021/05/01 16:32:20 comparison tracing: enabled
2021/05/01 16:32:20 extra coverage: enabled
2021/05/01 16:32:20 setuid sandbox: enabled
2021/05/01 16:32:20 namespace sandbox: enabled
2021/05/01 16:32:20 Android sandbox: /sys/fs/selinux/policy does not exist
2021/05/01 16:32:20 fault injection: enabled
2021/05/01 16:32:20 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/05/01 16:32:20 net packet injection: enabled
2021/05/01 16:32:20 net device setup: enabled
2021/05/01 16:32:20 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/05/01 16:32:20 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/05/01 16:32:20 USB emulation: enabled
2021/05/01 16:32:20 hci packet injection: enabled
2021/05/01 16:32:20 wifi device emulation: enabled
2021/05/01 16:32:20 802.15.4 emulation: enabled
2021/05/01 16:32:20 fetching corpus: 0, signal 0/2000 (executing program)
syzkaller login:
[ 76.480998][ T8467] ==================================================================
[ 76.489470][ T8467] BUG: KASAN: use-after-free in __skb_datagram_iter+0x6b8/0x770
[ 76.497360][ T8467] Read of size 4 at addr ffff88802e540004 by task syz-fuzzer/8467
[ 76.505278][ T8467]
[ 76.507618][ T8467] CPU: 0 PID: 8467 Comm: syz-fuzzer Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
[ 76.517299][ T8467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.527930][ T8467] Call Trace:
[ 76.531235][ T8467]  dump_stack+0x141/0x1d7
[ 76.535791][ T8467]  ? __skb_datagram_iter+0x6b8/0x770
[ 76.541460][ T8467]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 76.548543][ T8467]  ? __skb_datagram_iter+0x6b8/0x770
[ 76.553960][ T8467]  ? __skb_datagram_iter+0x6b8/0x770
[ 76.559757][ T8467]  kasan_report.cold+0x7c/0xd8
[ 76.564585][ T8467]  ? __skb_datagram_iter+0x6b8/0x770
[ 76.570137][ T8467]  __skb_datagram_iter+0x6b8/0x770
[ 76.575390][ T8467]  ? zerocopy_sg_from_iter+0x110/0x110
[ 76.581074][ T8467]  skb_copy_datagram_iter+0x40/0x50
[ 76.586489][ T8467]  tcp_recvmsg_locked+0x1048/0x22f0
[ 76.591744][ T8467]  ? tcp_splice_read+0x8b0/0x8b0
[ 76.597017][ T8467]  ? mark_held_locks+0x9f/0xe0
[ 76.601947][ T8467]  ? __local_bh_enable_ip+0xa0/0x120
[ 76.607378][ T8467]  tcp_recvmsg+0x134/0x550
[ 76.611949][ T8467]  ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 76.617811][ T8467]  ? aa_sk_perm+0x311/0xab0
[ 76.622354][ T8467]  inet_recvmsg+0x11b/0x5e0
[ 76.627348][ T8467]  ? inet_sendpage+0x140/0x140
[ 76.632160][ T8467]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.638437][ T8467]  ? security_socket_recvmsg+0x8f/0xc0
[ 76.644339][ T8467]  sock_read_iter+0x33c/0x470
[ 76.649212][ T8467]  ? ____sys_recvmsg+0x600/0x600
[ 76.654308][ T8467]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.660679][ T8467]  ? fsnotify+0xa58/0x1060
[ 76.665345][ T8467]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.671712][ T8467]  new_sync_read+0x5b7/0x6e0
[ 76.676767][ T8467]  ? ksys_lseek+0x1b0/0x1b0
[ 76.681518][ T8467]  vfs_read+0x35c/0x570
[ 76.685873][ T8467]  ksys_read+0x1ee/0x250
[ 76.690305][ T8467]  ? vfs_write+0xa40/0xa40
[ 76.694753][ T8467]  ? syscall_enter_from_user_mode+0x27/0x70
[ 76.700679][ T8467]  do_syscall_64+0x3a/0xb0
[ 76.705936][ T8467]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.712263][ T8467] RIP: 0033:0x4af19b
[ 76.716427][ T8467] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 76.737645][ T8467] RSP: 002b:000000c000477850 EFLAGS: 00000206 ORIG_RAX: 0000000000000000
[ 76.746444][ T8467] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af19b
[ 76.754596][ T8467] RDX: 0000000000001000 RSI: 000000c00036a000 RDI: 0000000000000006
[ 76.762668][ T8467] RBP: 000000c0004778a0 R08: 0000000000000001 R09: 0000000000000002
[ 76.770817][ T8467] R10: 00000000000037ee R11: 0000000000000206 R12: 00000000000037e9
[ 76.779273][ T8467] R13: 0000000000000800 R14: 0000000000000020 R15: 0000000000000020
[ 76.787442][ T8467]
[ 76.789760][ T8467] The buggy address belongs to the page:
[ 76.795467][ T8467] page:ffffea0000b95000 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x2e540
[ 76.806228][ T8467] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 76.813433][ T8467] raw: 00fff00000000000 ffffea0000cd2808 ffffea00007c6408 0000000000000000
[ 76.822280][ T8467] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000
[ 76.830995][ T8467] page dumped because: kasan: bad access detected
[ 76.837679][ T8467]
[ 76.840014][ T8467] Memory state around the buggy address:
[ 76.845867][ T8467]  ffff88802e53ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.854106][ T8467]  ffff88802e53ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.862558][ T8467] >ffff88802e540000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 76.870738][ T8467]                    ^
[ 76.874807][ T8467]  ffff88802e540080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 76.883185][ T8467]  ffff88802e540100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 76.891337][ T8467] ==================================================================
[ 76.899670][ T8467] Disabling lock debugging due to kernel taint
[ 76.907490][ T8467] Kernel panic - not syncing: panic_on_warn set ...
[ 76.914222][ T8467] CPU: 1 PID: 8467 Comm: syz-fuzzer Tainted: G B 5.12.0-rc8-next-20210423-syzkaller #0
[ 76.925863][ T8467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.935921][ T8467] Call Trace:
[ 76.939198][ T8467]  dump_stack+0x141/0x1d7
[ 76.943648][ T8467]  panic+0x306/0x73d
[ 76.947629][ T8467]  ? __warn_printk+0xf3/0xf3
[ 76.952235][ T8467]  ? preempt_schedule_common+0x59/0xc0
[ 76.957708][ T8467]  ? __skb_datagram_iter+0x6b8/0x770
[ 76.963073][ T8467]  ? preempt_schedule_thunk+0x16/0x18
[ 76.968723][ T8467]  ? trace_hardirqs_on+0x38/0x1c0
[ 76.973841][ T8467]  ? trace_hardirqs_on+0x51/0x1c0
[ 76.978950][ T8467]  ? __skb_datagram_iter+0x6b8/0x770
[ 76.985310][ T8467]  ? __skb_datagram_iter+0x6b8/0x770
[ 76.990621][ T8467]  end_report.cold+0x5a/0x5a
[ 76.995217][ T8467]  kasan_report.cold+0x6a/0xd8
[ 76.999996][ T8467]  ? __skb_datagram_iter+0x6b8/0x770
[ 77.005273][ T8467]  __skb_datagram_iter+0x6b8/0x770
[ 77.010380][ T8467]  ? zerocopy_sg_from_iter+0x110/0x110
[ 77.016006][ T8467]  skb_copy_datagram_iter+0x40/0x50
[ 77.021372][ T8467]  tcp_recvmsg_locked+0x1048/0x22f0
[ 77.026660][ T8467]  ? tcp_splice_read+0x8b0/0x8b0
[ 77.031601][ T8467]  ? mark_held_locks+0x9f/0xe0
[ 77.036624][ T8467]  ? __local_bh_enable_ip+0xa0/0x120
[ 77.042289][ T8467]  tcp_recvmsg+0x134/0x550
[ 77.046963][ T8467]  ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 77.052506][ T8467]  ? aa_sk_perm+0x311/0xab0
[ 77.057002][ T8467]  inet_recvmsg+0x11b/0x5e0
[ 77.061717][ T8467]  ? inet_sendpage+0x140/0x140
[ 77.066580][ T8467]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.073075][ T8467]  ? security_socket_recvmsg+0x8f/0xc0
[ 77.078615][ T8467]  sock_read_iter+0x33c/0x470
[ 77.083305][ T8467]  ? ____sys_recvmsg+0x600/0x600
[ 77.088502][ T8467]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.094840][ T8467]  ? fsnotify+0xa58/0x1060
[ 77.099251][ T8467]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 77.106224][ T8467]  new_sync_read+0x5b7/0x6e0
[ 77.111293][ T8467]  ? ksys_lseek+0x1b0/0x1b0
[ 77.115980][ T8467]  vfs_read+0x35c/0x570
[ 77.120129][ T8467]  ksys_read+0x1ee/0x250
[ 77.124361][ T8467]  ? vfs_write+0xa40/0xa40
[ 77.128857][ T8467]  ? syscall_enter_from_user_mode+0x27/0x70
[ 77.134767][ T8467]  do_syscall_64+0x3a/0xb0
[ 77.139204][ T8467]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 77.145293][ T8467] RIP: 0033:0x4af19b
[ 77.149279][ T8467] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 77.170345][ T8467] RSP: 002b:000000c000477850 EFLAGS: 00000206 ORIG_RAX: 0000000000000000
[ 77.179186][ T8467] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af19b
[ 77.187557][ T8467] RDX: 0000000000001000 RSI: 000000c00036a000 RDI: 0000000000000006
[ 77.196005][ T8467] RBP: 000000c0004778a0 R08: 0000000000000001 R09: 0000000000000002
[ 77.204243][ T8467] R10: 00000000000037ee R11: 0000000000000206 R12: 00000000000037e9
[ 77.212612][ T8467] R13: 0000000000000800 R14: 0000000000000020 R15: 0000000000000020
[ 77.222322][ T8467] Kernel Offset: disabled
[ 77.227170][ T8467] Rebooting in 86400 seconds..
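Added triage helper, not part of the syzkaller report above: a parser that pulls the fields a responder reads first out of a KASAN report in this format (bug class, faulting function, access kind and size, task, kernel build, the reliable call-trace frames) and decodes the "Memory state" shadow rows, so that the `ff` bytes under the caret read as "freed page" and the `refcount:0` page line corroborates the use-after-free. The embedded SAMPLE_LOG is a constructed excerpt of the report above; the poison-byte meanings are the generic-KASAN encodings from mm/kasan/kasan.h of the 5.12 era and the row width of 16 shadow bytes (128 bytes of memory) is taken from the report's layout, both assumed here.

```python
"""Parse a KASAN report out of a kernel console log and decode its shadow rows.

Added triage helper, not part of the original syzkaller report. SAMPLE_LOG is a
constructed excerpt of the report above; POISON holds the generic-KASAN shadow
encodings from mm/kasan/kasan.h of the 5.12 era (assumed here).
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SHADOW_SCALE = 8                 # generic KASAN: one shadow byte per 8 bytes
ROW_BYTES = 16 * SHADOW_SCALE    # a "Memory state" row shows 16 shadow bytes
POISON = {
    0xFF: "freed page (KASAN_FREE_PAGE)",
    0xFE: "kmalloc_large redzone (KASAN_PAGE_REDZONE)",
    0xFC: "slab object redzone (KASAN_KMALLOC_REDZONE)",
    0xFB: "freed slab object (KASAN_KMALLOC_FREE)",
    0xF9: "global redzone (KASAN_GLOBAL_REDZONE)",
    0xF1: "stack left redzone", 0xF2: "stack mid redzone",
    0xF3: "stack right redzone", 0xF4: "stack partial redzone",
}

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")   # "[ 76.489470][ T8467] "
BUG = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<frame>\S+)")
ACCESS = re.compile(r"(?P<kind>Read|Write) of size (?P<size>\d+) at addr "
                    r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
CPU = re.compile(r"CPU: \d+ PID: \d+ Comm: \S+ .*?(?P<kernel>\S+) #\d+")
PAGE = re.compile(r"page:[0-9a-f]+ refcount:(?P<refcount>-?\d+)")
ROW = re.compile(r"^(?P<mark>>?)(?P<addr>[0-9a-f]{16}): "
                 r"(?P<bytes>(?:[0-9a-f]{2}\s?){16})$")


@dataclass
class KasanReport:
    bug: str = ""
    function: str = ""
    access: str = ""
    size: int = 0
    address: int = 0
    task: str = ""
    pid: int = 0
    kernel: str = ""
    page_refcount: int | None = None
    trace: list[str] = field(default_factory=list)              # reliable frames only
    shadow: dict[int, list[int]] = field(default_factory=dict)  # row base -> 16 bytes


def parse_kasan_report(text: str) -> KasanReport:
    rep, in_trace = KasanReport(), False
    for raw in text.splitlines():
        msg = PREFIX.sub("", raw).strip()
        if m := BUG.search(msg):
            rep.bug, rep.function = m["bug"], m["frame"].split("+")[0]
        elif m := ACCESS.search(msg):
            rep.access, rep.size = m["kind"], int(m["size"])
            rep.address, rep.task, rep.pid = int(m["addr"], 16), m["task"], int(m["pid"])
        elif (m := CPU.search(msg)) and not rep.kernel:   # first CPU: line only
            rep.kernel = m["kernel"]
        elif m := PAGE.search(msg):
            rep.page_refcount = int(m["refcount"])
        elif m := ROW.match(msg):
            rep.shadow[int(m["addr"], 16)] = [int(b, 16) for b in m["bytes"].split()]
        elif msg == "Call Trace:":
            in_trace = True
        elif in_trace:
            if not msg or msg.startswith(("RIP:", "The buggy")):
                in_trace = False
            elif not msg.startswith("? "):   # "?" frames are stale stack slots
                rep.trace.append(msg.split("+")[0])
    return rep


def shadow_byte(rep: KasanReport, addr: int) -> int:
    """Shadow byte covering addr, read from the dumped rows (KeyError if absent)."""
    row = addr & ~(ROW_BYTES - 1)
    return rep.shadow[row][(addr - row) // SHADOW_SCALE]


def describe(byte: int) -> str:
    if byte == 0:
        return "addressable"
    if 0 < byte < SHADOW_SCALE:
        return f"partially addressable (first {byte} of {SHADOW_SCALE} bytes)"
    return POISON.get(byte, f"unknown poison 0x{byte:02x}")


def triage(rep: KasanReport) -> dict:
    """What the report itself establishes, before any source is read."""
    return {
        "bug": rep.bug, "site": rep.function,
        "access": f"{rep.access} of {rep.size} bytes at 0x{rep.address:x}",
        "shadow": describe(shadow_byte(rep, rep.address)),
        "page_freed": rep.page_refcount == 0,
        "entry": rep.trace[-1] if rep.trace else None,
    }


# Constructed excerpt of the report above (same fields, fewer frames and rows).
SAMPLE_LOG = """\
[ 76.489470][ T8467] BUG: KASAN: use-after-free in __skb_datagram_iter+0x6b8/0x770
[ 76.497360][ T8467] Read of size 4 at addr ffff88802e540004 by task syz-fuzzer/8467
[ 76.507618][ T8467] CPU: 0 PID: 8467 Comm: syz-fuzzer Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
[ 76.527930][ T8467] Call Trace:
[ 76.531235][ T8467]  dump_stack+0x141/0x1d7
[ 76.535791][ T8467]  ? __skb_datagram_iter+0x6b8/0x770
[ 76.570137][ T8467]  __skb_datagram_iter+0x6b8/0x770
[ 76.586489][ T8467]  tcp_recvmsg_locked+0x1048/0x22f0
[ 76.705936][ T8467]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.712263][ T8467] RIP: 0033:0x4af19b
[ 76.795467][ T8467] page:ffffea0000b95000 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x2e540
[ 76.840014][ T8467] Memory state around the buggy address:
[ 76.854106][ T8467]  ffff88802e53ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.862558][ T8467] >ffff88802e540000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 76.870738][ T8467]                    ^
"""

if __name__ == "__main__":
    for key, value in triage(parse_kasan_report(SAMPLE_LOG)).items():
        print(f"{key:>10}: {value}")
```

Run against the full report above, the parser yields the same verdict the sample gives: a 4-byte read in `__skb_datagram_iter`, reached from `read(2)` on a TCP socket via `tcp_recvmsg`, hitting a page whose shadow is entirely `0xff` and whose `refcount` is already 0. That combination is the signature of a page fragment returned to the page allocator while an skb still referenced it; which path freed the page is not recorded in this log, so that is where source inspection or a reproducer starts. The `?` frames are dropped from `trace` on purpose: they are addresses left on the stack from earlier calls, not part of the live chain, and counting them as callers is a common triage mistake.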