Warning: Permanently added '10.128.0.210' (ECDSA) to the list of known hosts.
2021/05/02 00:33:42 fuzzer started
2021/05/02 00:33:43 dialing manager at 10.128.0.169:44661
2021/05/02 00:33:43 syscalls: 3571
2021/05/02 00:33:43 code coverage: enabled
2021/05/02 00:33:43 comparison tracing: enabled
2021/05/02 00:33:43 extra coverage: enabled
2021/05/02 00:33:43 setuid sandbox: enabled
2021/05/02 00:33:43 namespace sandbox: enabled
2021/05/02 00:33:43 Android sandbox: /sys/fs/selinux/policy does not exist
2021/05/02 00:33:43 fault injection: enabled
2021/05/02 00:33:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/05/02 00:33:43 net packet injection: enabled
2021/05/02 00:33:43 net device setup: enabled
2021/05/02 00:33:43 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/05/02 00:33:43 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/05/02 00:33:43 USB emulation: enabled
2021/05/02 00:33:43 hci packet injection: enabled
2021/05/02 00:33:43 wifi device emulation: enabled
2021/05/02 00:33:43 802.15.4 emulation: enabled
2021/05/02 00:33:43 fetching corpus: 0, signal 0/2000 (executing program)
[ 73.982530][ T8443] ==================================================================
[ 73.990929][ T8443] BUG: KASAN: use-after-free in __skb_datagram_iter+0x6b8/0x770
[ 73.998794][ T8443] Read of size 4 at addr ffff888032aa0004 by task syz-fuzzer/8443
[ 74.006807][ T8443]
[ 74.009181][ T8443] CPU: 0 PID: 8443 Comm: syz-fuzzer Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
[ 74.018872][ T8443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.029312][ T8443] Call Trace:
[ 74.032772][ T8443] dump_stack+0x141/0x1d7
[ 74.037342][ T8443] ? __skb_datagram_iter+0x6b8/0x770
[ 74.042830][ T8443] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 74.050234][ T8443] ? __skb_datagram_iter+0x6b8/0x770
[ 74.055547][ T8443] ? __skb_datagram_iter+0x6b8/0x770
[ 74.061160][ T8443] kasan_report.cold+0x7c/0xd8
[ 74.066064][ T8443] ? __skb_datagram_iter+0x6b8/0x770
[ 74.071576][ T8443] __skb_datagram_iter+0x6b8/0x770
[ 74.077584][ T8443] ? zerocopy_sg_from_iter+0x110/0x110
[ 74.084131][ T8443] skb_copy_datagram_iter+0x40/0x50
[ 74.090466][ T8443] tcp_recvmsg_locked+0x1048/0x22f0
[ 74.095794][ T8443] ? tcp_splice_read+0x8b0/0x8b0
[ 74.100999][ T8443] ? mark_held_locks+0x9f/0xe0
[ 74.105775][ T8443] ? __local_bh_enable_ip+0xa0/0x120
[ 74.111264][ T8443] tcp_recvmsg+0x134/0x550
[ 74.115786][ T8443] ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 74.121566][ T8443] ? aa_sk_perm+0x311/0xab0
[ 74.126762][ T8443] inet_recvmsg+0x11b/0x5e0
[ 74.131283][ T8443] ? inet_sendpage+0x140/0x140
[ 74.136816][ T8443] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.143347][ T8443] ? security_socket_recvmsg+0x8f/0xc0
[ 74.148989][ T8443] sock_read_iter+0x33c/0x470
[ 74.154313][ T8443] ? ____sys_recvmsg+0x600/0x600
[ 74.159459][ T8443] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.166634][ T8443] ? fsnotify+0xa58/0x1060
[ 74.171348][ T8443] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.178567][ T8443] new_sync_read+0x5b7/0x6e0
[ 74.183165][ T8443] ? ksys_lseek+0x1b0/0x1b0
[ 74.187764][ T8443] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 74.193999][ T8443] vfs_read+0x35c/0x570
[ 74.198403][ T8443] ksys_read+0x1ee/0x250
[ 74.202726][ T8443] ? vfs_write+0xa40/0xa40
[ 74.207222][ T8443] ? syscall_enter_from_user_mode+0x27/0x70
[ 74.213297][ T8443] do_syscall_64+0x3a/0xb0
[ 74.217798][ T8443] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.224013][ T8443] RIP: 0033:0x4af19b
[ 74.227992][ T8443] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 74.249596][ T8443] RSP: 002b:000000c00016f840 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[ 74.258640][ T8443] RAX: ffffffffffffffda RBX: 000000c00001e800 RCX: 00000000004af19b
[ 74.266890][ T8443] RDX: 0000000000001000 RSI: 000000c0001a8000 RDI: 0000000000000006
[ 74.275320][ T8443] RBP: 000000c00016f890 R08: 0000000000000001 R09: 0000000000000002
[ 74.283909][ T8443] R10: 000000000000338e R11: 0000000000000202 R12: ffffffffffffffff
[ 74.292261][ T8443] R13: 0000000000001000 R14: 0000000000000020 R15: 0000000000000020
[ 74.300796][ T8443]
[ 74.303121][ T8443] The buggy address belongs to the page:
[ 74.308744][ T8443] page:ffffea0000caa800 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x32aa0
[ 74.319634][ T8443] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 74.327223][ T8443] raw: 00fff00000000000 ffffea0000779608 ffffea0000b10c08 0000000000000000
[ 74.336390][ T8443] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000
[ 74.345595][ T8443] page dumped because: kasan: bad access detected
[ 74.352451][ T8443]
[ 74.354799][ T8443] Memory state around the buggy address:
[ 74.361613][ T8443] ffff888032a9ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 74.369986][ T8443] ffff888032a9ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 74.378153][ T8443] >ffff888032aa0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.386923][ T8443] ^
[ 74.391066][ T8443] ffff888032aa0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.399535][ T8443] ffff888032aa0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.408202][ T8443] ==================================================================
[ 74.416334][ T8443] Disabling lock debugging due to kernel taint
[ 74.423649][ T8443] Kernel panic - not syncing: panic_on_warn set ...
[ 74.430425][ T8443] CPU: 1 PID: 8443 Comm: syz-fuzzer Tainted: G B 5.12.0-rc8-next-20210423-syzkaller #0
[ 74.441540][ T8443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.451939][ T8443] Call Trace:
[ 74.455323][ T8443] dump_stack+0x141/0x1d7
[ 74.459825][ T8443] panic+0x306/0x73d
[ 74.463899][ T8443] ? __warn_printk+0xf3/0xf3
[ 74.468669][ T8443] ? preempt_schedule_common+0x59/0xc0
[ 74.474220][ T8443] ? __skb_datagram_iter+0x6b8/0x770
[ 74.479733][ T8443] ? preempt_schedule_thunk+0x16/0x18
[ 74.485474][ T8443] ? trace_hardirqs_on+0x38/0x1c0
[ 74.490493][ T8443] ? trace_hardirqs_on+0x51/0x1c0
[ 74.495522][ T8443] ? __skb_datagram_iter+0x6b8/0x770
[ 74.500893][ T8443] ? __skb_datagram_iter+0x6b8/0x770
[ 74.506169][ T8443] end_report.cold+0x5a/0x5a
[ 74.511388][ T8443] kasan_report.cold+0x6a/0xd8
[ 74.516779][ T8443] ? __skb_datagram_iter+0x6b8/0x770
[ 74.522512][ T8443] __skb_datagram_iter+0x6b8/0x770
[ 74.527906][ T8443] ? zerocopy_sg_from_iter+0x110/0x110
[ 74.533654][ T8443] skb_copy_datagram_iter+0x40/0x50
[ 74.539035][ T8443] tcp_recvmsg_locked+0x1048/0x22f0
[ 74.544678][ T8443] ? tcp_splice_read+0x8b0/0x8b0
[ 74.549727][ T8443] ? mark_held_locks+0x9f/0xe0
[ 74.554520][ T8443] ? __local_bh_enable_ip+0xa0/0x120
[ 74.560269][ T8443] tcp_recvmsg+0x134/0x550
[ 74.564713][ T8443] ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 74.572861][ T8443] ? aa_sk_perm+0x311/0xab0
[ 74.578699][ T8443] inet_recvmsg+0x11b/0x5e0
[ 74.583586][ T8443] ? inet_sendpage+0x140/0x140
[ 74.588479][ T8443] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.595192][ T8443] ? security_socket_recvmsg+0x8f/0xc0
[ 74.600657][ T8443] sock_read_iter+0x33c/0x470
[ 74.605332][ T8443] ? ____sys_recvmsg+0x600/0x600
[ 74.610352][ T8443] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.616588][ T8443] ? fsnotify+0xa58/0x1060
[ 74.621176][ T8443] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.627684][ T8443] new_sync_read+0x5b7/0x6e0
[ 74.632398][ T8443] ? ksys_lseek+0x1b0/0x1b0
[ 74.637151][ T8443] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 74.644456][ T8443] vfs_read+0x35c/0x570
[ 74.648639][ T8443] ksys_read+0x1ee/0x250
[ 74.653571][ T8443] ? vfs_write+0xa40/0xa40
[ 74.657980][ T8443] ? syscall_enter_from_user_mode+0x27/0x70
[ 74.663974][ T8443] do_syscall_64+0x3a/0xb0
[ 74.668600][ T8443] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.674512][ T8443] RIP: 0033:0x4af19b
[ 74.678407][ T8443] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 74.698306][ T8443] RSP: 002b:000000c00016f840 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[ 74.707044][ T8443] RAX: ffffffffffffffda RBX: 000000c00001e800 RCX: 00000000004af19b
[ 74.715209][ T8443] RDX: 0000000000001000 RSI: 000000c0001a8000 RDI: 0000000000000006
[ 74.723179][ T8443] RBP: 000000c00016f890 R08: 0000000000000001 R09: 0000000000000002
[ 74.731391][ T8443] R10: 000000000000338e R11: 0000000000000202 R12: ffffffffffffffff
[ 74.739360][ T8443] R13: 0000000000001000 R14: 0000000000000020 R15: 0000000000000020
[ 74.749092][ T8443] Kernel Offset: disabled
[ 74.754068][ T8443] Rebooting in 86400 seconds..