Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.28' (ECDSA) to the list of known hosts.
2021/04/23 20:51:46 fuzzer started
2021/04/23 20:51:47 dialing manager at 10.128.0.169:34587
2021/04/23 20:51:47 syscalls: 1690
2021/04/23 20:51:47 code coverage: enabled
2021/04/23 20:51:47 comparison tracing: enabled
2021/04/23 20:51:47 extra coverage: enabled
2021/04/23 20:51:47 setuid sandbox: enabled
2021/04/23 20:51:47 namespace sandbox: enabled
2021/04/23 20:51:47 Android sandbox: /sys/fs/selinux/policy does not exist
2021/04/23 20:51:47 fault injection: enabled
2021/04/23 20:51:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/04/23 20:51:47 net packet injection: enabled
2021/04/23 20:51:47 net device setup: enabled
2021/04/23 20:51:47 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/04/23 20:51:47 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/04/23 20:51:47 USB emulation: enabled
2021/04/23 20:51:47 hci packet injection: enabled
2021/04/23 20:51:47 wifi device emulation: enabled
2021/04/23 20:51:47 802.15.4 emulation: enabled
2021/04/23 20:51:47 fetching corpus: 0, signal 0/2000 (executing program)
2021/04/23 20:51:47 fetching corpus: 50, signal 37162/40628 (executing program)
2021/04/23 20:51:47 fetching corpus: 100, signal 52651/57509 (executing program)
2021/04/23 20:51:48 fetching corpus: 150, signal 63279/69505 (executing program)
2021/04/23 20:51:48 fetching corpus: 200, signal 70089/77592 (executing program)
2021/04/23 20:51:48 fetching corpus: 250, signal 76003/84772 (executing program)
2021/04/23 20:51:48 fetching corpus: 300, signal 82219/92138 (executing program)
2021/04/23 20:51:48 fetching corpus: 350, signal 87345/98381 (executing program)
2021/04/23 20:51:48 fetching corpus: 400, signal 91968/104072 (executing program)
2021/04/23 20:51:49 fetching corpus: 450, signal 97238/110265 (executing program)
2021/04/23 20:51:49 fetching corpus: 500, signal 101046/115100 (executing program)
2021/04/23 20:51:49 fetching corpus: 550, signal 106178/121058 (executing program)
syzkaller login: [ 74.403169][ T8417] ==================================================================
[ 74.411849][ T8417] BUG: KASAN: wild-memory-access in copyout.part.0+0xd7/0x110
[ 74.419730][ T8417] Read of size 64 at addr 108548c02b4b095e by task syz-fuzzer/8417
[ 74.427750][ T8417]
[ 74.430089][ T8417] CPU: 1 PID: 8417 Comm: syz-fuzzer Not tainted 5.12.0-rc7-syzkaller #0
[ 74.438437][ T8417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.450088][ T8417] Call Trace:
[ 74.453407][ T8417] dump_stack+0x141/0x1d7
[ 74.458143][ T8417] ? copyout.part.0+0xd7/0x110
[ 74.462941][ T8417] kasan_report.cold+0x5f/0xd8
[ 74.467747][ T8417] ? copyout.part.0+0xd7/0x110
[ 74.472557][ T8417] kasan_check_range+0x13d/0x180
[ 74.477549][ T8417] copyout.part.0+0xd7/0x110
[ 74.482233][ T8417] _copy_to_iter+0x28a/0xf80
[ 74.487024][ T8417] ? ip_sublist_rcv_finish+0x9a/0x2c0
[ 74.492623][ T8417] ? _copy_from_iter_flushcache+0xa60/0xa60
[ 74.499014][ T8417] ? ip_list_rcv_finish.constprop.0+0x51e/0x6e0
[ 74.505297][ T8417] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 74.511171][ T8417] ? __virt_addr_valid+0x5d/0x2d0
[ 74.517039][ T8417] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 74.523317][ T8417] ? __phys_addr_symbol+0x2c/0x70
[ 74.528377][ T8417] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 74.534829][ T8417] ? __check_object_size+0x18a/0x3f0
[ 74.540659][ T8417] simple_copy_to_iter+0x4c/0x70
[ 74.545653][ T8417] __skb_datagram_iter+0x4a7/0x770
[ 74.552380][ T8417] ? zerocopy_sg_from_iter+0x110/0x110
[ 74.558314][ T8417] skb_copy_datagram_iter+0x40/0x50
[ 74.563559][ T8417] tcp_recvmsg_locked+0x1048/0x22f0
[ 74.568839][ T8417] ? tcp_splice_read+0x8b0/0x8b0
[ 74.573817][ T8417] ? mark_held_locks+0x9f/0xe0
[ 74.578639][ T8417] ? __local_bh_enable_ip+0xa0/0x120
[ 74.583978][ T8417] tcp_recvmsg+0x134/0x550
[ 74.588444][ T8417] ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 74.593884][ T8417] ? aa_sk_perm+0x31b/0xab0
[ 74.598717][ T8417] inet_recvmsg+0x11b/0x5d0
[ 74.603260][ T8417] ? inet_sendpage+0x140/0x140
[ 74.608245][ T8417] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.614558][ T8417] ? security_socket_recvmsg+0x8f/0xc0
[ 74.620067][ T8417] sock_read_iter+0x33c/0x470
[ 74.624791][ T8417] ? ____sys_recvmsg+0x600/0x600
[ 74.629789][ T8417] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.636248][ T8417] ? fsnotify+0xa16/0x1070
[ 74.640712][ T8417] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.647267][ T8417] new_sync_read+0x5b7/0x6e0
[ 74.651921][ T8417] ? ksys_lseek+0x1b0/0x1b0
[ 74.656521][ T8417] vfs_read+0x35c/0x570
[ 74.660725][ T8417] ksys_read+0x1ee/0x250
[ 74.665470][ T8417] ? vfs_write+0xa30/0xa30
[ 74.669926][ T8417] ? syscall_enter_from_user_mode+0x27/0x70
[ 74.675892][ T8417] do_syscall_64+0x2d/0x70
[ 74.680360][ T8417] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.686520][ T8417] RIP: 0033:0x4af19b
[ 74.690486][ T8417] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 74.710158][ T8417] RSP: 002b:000000c00003b828 EFLAGS: 00000212 ORIG_RAX: 0000000000000000
[ 74.718613][ T8417] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af19b
[ 74.726797][ T8417] RDX: 0000000000001000 RSI: 000000c000066000 RDI: 0000000000000006
[ 74.734902][ T8417] RBP: 000000c00003b878 R08: 0000000000000001 R09: 0000000000000002
[ 74.742928][ T8417] R10: 0000000000005f07 R11: 0000000000000212 R12: 0000000000005f03
[ 74.751389][ T8417] R13: 0000000000000400 R14: 0000000000000004 R15: 0000000000000002
[ 74.759425][ T8417] ==================================================================
[ 74.767531][ T8417] Disabling lock debugging due to kernel taint
[ 74.784886][ T8417] Kernel panic - not syncing: panic_on_warn set ...
[ 74.791954][ T8417] CPU: 0 PID: 8417 Comm: syz-fuzzer Tainted: G B 5.12.0-rc7-syzkaller #0
[ 74.803111][ T8417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.813940][ T8417] Call Trace:
[ 74.817332][ T8417] dump_stack+0x141/0x1d7
[ 74.821847][ T8417] panic+0x306/0x73d
[ 74.825754][ T8417] ? __warn_printk+0xf3/0xf3
[ 74.830341][ T8417] ? preempt_schedule_common+0x59/0xc0
[ 74.835817][ T8417] ? copyout.part.0+0xd7/0x110
[ 74.840601][ T8417] ? preempt_schedule_thunk+0x16/0x18
[ 74.845990][ T8417] ? trace_hardirqs_on+0x38/0x1c0
[ 74.851901][ T8417] ? trace_hardirqs_on+0x51/0x1c0
[ 74.856929][ T8417] ? copyout.part.0+0xd7/0x110
[ 74.861741][ T8417] ? copyout.part.0+0xd7/0x110
[ 74.866558][ T8417] end_report.cold+0x5a/0x5a
[ 74.871240][ T8417] kasan_report.cold+0x6a/0xd8
[ 74.876018][ T8417] ? copyout.part.0+0xd7/0x110
[ 74.880988][ T8417] kasan_check_range+0x13d/0x180
[ 74.886810][ T8417] copyout.part.0+0xd7/0x110
[ 74.891427][ T8417] _copy_to_iter+0x28a/0xf80
[ 74.896530][ T8417] ? ip_sublist_rcv_finish+0x9a/0x2c0
[ 74.902562][ T8417] ? _copy_from_iter_flushcache+0xa60/0xa60
[ 74.921928][ T8417] ? ip_list_rcv_finish.constprop.0+0x51e/0x6e0
[ 74.928475][ T8417] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 74.934842][ T8417] ? __virt_addr_valid+0x5d/0x2d0
[ 74.939905][ T8417] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 74.946196][ T8417] ? __phys_addr_symbol+0x2c/0x70
[ 74.951226][ T8417] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 74.957308][ T8417] ? __check_object_size+0x18a/0x3f0
[ 74.964681][ T8417] simple_copy_to_iter+0x4c/0x70
[ 74.969730][ T8417] __skb_datagram_iter+0x4a7/0x770
[ 74.976221][ T8417] ? zerocopy_sg_from_iter+0x110/0x110
[ 74.982665][ T8417] skb_copy_datagram_iter+0x40/0x50
[ 74.990828][ T8417] tcp_recvmsg_locked+0x1048/0x22f0
[ 74.997351][ T8417] ? tcp_splice_read+0x8b0/0x8b0
[ 75.004075][ T8417] ? mark_held_locks+0x9f/0xe0
[ 75.009051][ T8417] ? __local_bh_enable_ip+0xa0/0x120
[ 75.014475][ T8417] tcp_recvmsg+0x134/0x550
[ 75.018959][ T8417] ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 75.024525][ T8417] ? aa_sk_perm+0x31b/0xab0
[ 75.029237][ T8417] inet_recvmsg+0x11b/0x5d0
[ 75.034559][ T8417] ? inet_sendpage+0x140/0x140
[ 75.039441][ T8417] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.046022][ T8417] ? security_socket_recvmsg+0x8f/0xc0
[ 75.051614][ T8417] sock_read_iter+0x33c/0x470
[ 75.056429][ T8417] ? ____sys_recvmsg+0x600/0x600
[ 75.061541][ T8417] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.068048][ T8417] ? fsnotify+0xa16/0x1070
[ 75.072591][ T8417] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.080890][ T8417] new_sync_read+0x5b7/0x6e0
[ 75.085763][ T8417] ? ksys_lseek+0x1b0/0x1b0
[ 75.091389][ T8417] vfs_read+0x35c/0x570
[ 75.095922][ T8417] ksys_read+0x1ee/0x250
[ 75.113300][ T8417] ? vfs_write+0xa30/0xa30
[ 75.117745][ T8417] ? syscall_enter_from_user_mode+0x27/0x70
[ 75.123677][ T8417] do_syscall_64+0x2d/0x70
[ 75.128131][ T8417] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.134031][ T8417] RIP: 0033:0x4af19b
[ 75.137952][ T8417] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 75.158933][ T8417] RSP: 002b:000000c00003b828 EFLAGS: 00000212 ORIG_RAX: 0000000000000000
[ 75.167521][ T8417] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af19b
[ 75.175954][ T8417] RDX: 0000000000001000 RSI: 000000c000066000 RDI: 0000000000000006
[ 75.186754][ T8417] RBP: 000000c00003b878 R08: 0000000000000001 R09: 0000000000000002
[ 75.196944][ T8417] R10: 0000000000005f07 R11: 0000000000000212 R12: 0000000000005f03
[ 75.205980][ T8417] R13: 0000000000000400 R14: 0000000000000004 R15: 0000000000000002
[ 75.214434][ T8417] Kernel Offset: disabled
[ 75.219014][ T8417] Rebooting in 86400 seconds..