Warning: Permanently added '10.128.0.74' (ECDSA) to the list of known hosts.
2021/04/23 22:22:59 fuzzer started
2021/04/23 22:23:00 dialing manager at 10.128.0.169:34587
2021/04/23 22:23:00 syscalls: 1690
2021/04/23 22:23:00 code coverage: enabled
2021/04/23 22:23:00 comparison tracing: enabled
2021/04/23 22:23:00 extra coverage: enabled
2021/04/23 22:23:00 setuid sandbox: enabled
2021/04/23 22:23:00 namespace sandbox: enabled
2021/04/23 22:23:00 Android sandbox: /sys/fs/selinux/policy does not exist
2021/04/23 22:23:00 fault injection: enabled
2021/04/23 22:23:00 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/04/23 22:23:00 net packet injection: enabled
2021/04/23 22:23:00 net device setup: enabled
2021/04/23 22:23:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/04/23 22:23:00 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/04/23 22:23:00 USB emulation: enabled
2021/04/23 22:23:00 hci packet injection: enabled
2021/04/23 22:23:00 wifi device emulation: enabled
2021/04/23 22:23:00 802.15.4 emulation: enabled
2021/04/23 22:23:00 fetching corpus: 0, signal 0/2000 (executing program)
2021/04/23 22:23:00 fetching corpus: 50, signal 37164/40641 (executing program)
2021/04/23 22:23:00 fetching corpus: 100, signal 57006/61760 (executing program)
2021/04/23 22:23:00 fetching corpus: 150, signal 68972/74956 (executing program)
[ 67.667905][ T8403] ==================================================================
[ 67.676324][ T8403] BUG: KASAN: use-after-free in __skb_datagram_iter+0x6b8/0x770
[ 67.684332][ T8403] Read of size 4 at addr ffff88801d808004 by task syz-fuzzer/8403
[ 67.692130][ T8403]
[ 67.694622][ T8403] CPU: 1 PID: 8403 Comm: syz-fuzzer Not tainted 5.12.0-rc7-syzkaller #0
[ 67.702938][ T8403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.713095][ T8403] Call Trace:
[ 67.716485][ T8403] dump_stack+0x141/0x1d7
[ 67.720822][ T8403] ? __skb_datagram_iter+0x6b8/0x770
[ 67.726129][ T8403] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 67.733165][ T8403] ? __skb_datagram_iter+0x6b8/0x770
[ 67.738450][ T8403] ? __skb_datagram_iter+0x6b8/0x770
[ 67.743734][ T8403] kasan_report.cold+0x7c/0xd8
[ 67.748519][ T8403] ? __skb_datagram_iter+0x6b8/0x770
[ 67.754002][ T8403] __skb_datagram_iter+0x6b8/0x770
[ 67.759496][ T8403] ? zerocopy_sg_from_iter+0x110/0x110
[ 67.764963][ T8403] skb_copy_datagram_iter+0x40/0x50
[ 67.770169][ T8403] tcp_recvmsg_locked+0x1048/0x22f0
[ 67.775384][ T8403] ? tcp_splice_read+0x8b0/0x8b0
[ 67.780337][ T8403] ? mark_held_locks+0x9f/0xe0
[ 67.785128][ T8403] ? __local_bh_enable_ip+0xa0/0x120
[ 67.790416][ T8403] tcp_recvmsg+0x134/0x550
[ 67.795185][ T8403] ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 67.800676][ T8403] ? aa_sk_perm+0x31b/0xab0
[ 67.805191][ T8403] inet_recvmsg+0x11b/0x5d0
[ 67.809719][ T8403] ? inet_sendpage+0x140/0x140
[ 67.814490][ T8403] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 67.820734][ T8403] ? security_socket_recvmsg+0x8f/0xc0
[ 67.826222][ T8403] sock_read_iter+0x33c/0x470
[ 67.830928][ T8403] ? ____sys_recvmsg+0x600/0x600
[ 67.835871][ T8403] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 67.842129][ T8403] ? fsnotify+0xa16/0x1070
[ 67.846655][ T8403] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 67.852915][ T8403] new_sync_read+0x5b7/0x6e0
[ 67.857507][ T8403] ? ksys_lseek+0x1b0/0x1b0
[ 67.862041][ T8403] vfs_read+0x35c/0x570
[ 67.866196][ T8403] ksys_read+0x1ee/0x250
[ 67.870435][ T8403] ? vfs_write+0xa30/0xa30
[ 67.874870][ T8403] ? syscall_enter_from_user_mode+0x27/0x70
[ 67.880767][ T8403] do_syscall_64+0x2d/0x70
[ 67.885274][ T8403] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 67.891280][ T8403] RIP: 0033:0x4af19b
[ 67.895184][ T8403] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 67.914984][ T8403] RSP: 002b:000000c0004a3868 EFLAGS: 00000216 ORIG_RAX: 0000000000000000
[ 67.923513][ T8403] RAX: ffffffffffffffda RBX: 000000c00001e800 RCX: 00000000004af19b
[ 67.931501][ T8403] RDX: 0000000000001000 RSI: 000000c000196000 RDI: 0000000000000006
[ 67.939759][ T8403] RBP: 000000c0004a38b8 R08: 0000000000000001 R09: 0000000000000002
[ 67.947914][ T8403] R10: 00000000000051f7 R11: 0000000000000216 R12: 00000000000051f2
[ 67.955893][ T8403] R13: 0000000000001000 R14: 0000000000000002 R15: 0000000000000002
[ 67.963922][ T8403]
[ 67.966460][ T8403] Allocated by task 8391:
[ 67.970798][ T8403] kasan_save_stack+0x1b/0x40
[ 67.975479][ T8403] __kasan_kmalloc+0x99/0xc0
[ 67.980257][ T8403] tomoyo_init_log+0x18a/0x1ee0
[ 67.985121][ T8403] tomoyo_supervisor+0x34d/0xf00
[ 67.990158][ T8403] tomoyo_path_permission+0x270/0x3a0
[ 67.995534][ T8403] tomoyo_path_perm+0x2f0/0x400
[ 68.000384][ T8403] security_inode_getattr+0xcf/0x140
[ 68.005679][ T8403] vfs_statx+0x164/0x390
[ 68.009918][ T8403] __do_sys_newfstatat+0x96/0x120
[ 68.014936][ T8403] do_syscall_64+0x2d/0x70
[ 68.019372][ T8403] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.025266][ T8403]
[ 68.027577][ T8403] Freed by task 8270:
[ 68.031672][ T8403] kasan_save_stack+0x1b/0x40
[ 68.036345][ T8403] kasan_set_track+0x1c/0x30
[ 68.041030][ T8403] kasan_set_free_info+0x20/0x30
[ 68.045961][ T8403] __kasan_slab_free+0xf5/0x130
[ 68.050817][ T8403] slab_free_freelist_hook+0x92/0x210
[ 68.056268][ T8403] kfree+0xe5/0x7f0
[ 68.060068][ T8403] tomoyo_init_log+0x14f7/0x1ee0
[ 68.065002][ T8403] tomoyo_supervisor+0x34d/0xf00
[ 68.069953][ T8403] tomoyo_path_permission+0x270/0x3a0
[ 68.075318][ T8403] tomoyo_path_perm+0x2f0/0x400
[ 68.080181][ T8403] security_inode_getattr+0xcf/0x140
[ 68.085474][ T8403] vfs_statx+0x164/0x390
[ 68.089706][ T8403] __do_sys_newfstatat+0x96/0x120
[ 68.094740][ T8403] do_syscall_64+0x2d/0x70
[ 68.099147][ T8403] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.105049][ T8403]
[ 68.107377][ T8403] The buggy address belongs to the object at ffff88801d808000
[ 68.107377][ T8403] which belongs to the cache kmalloc-4k of size 4096
[ 68.121435][ T8403] The buggy address is located 4 bytes inside of
[ 68.121435][ T8403] 4096-byte region [ffff88801d808000, ffff88801d809000)
[ 68.134609][ T8403] The buggy address belongs to the page:
[ 68.140241][ T8403] page:ffffea0000760200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d808
[ 68.150388][ T8403] head:ffffea0000760200 order:3 compound_mapcount:0 compound_pincount:0
[ 68.158703][ T8403] flags: 0xfff00000010200(slab|head)
[ 68.163998][ T8403] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010842140
[ 68.172574][ T8403] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 68.181143][ T8403] page dumped because: kasan: bad access detected
[ 68.187556][ T8403]
[ 68.189955][ T8403] Memory state around the buggy address:
[ 68.195636][ T8403] ffff88801d807f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.203685][ T8403] ffff88801d807f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.211754][ T8403] >ffff88801d808000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.219817][ T8403] ^
[ 68.223885][ T8403] ffff88801d808080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.231952][ T8403] ffff88801d808100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.239999][ T8403] ==================================================================
[ 68.248045][ T8403] Disabling lock debugging due to kernel taint
[ 68.255511][ T8403] Kernel panic - not syncing: panic_on_warn set ...
[ 68.262124][ T8403] CPU: 0 PID: 8403 Comm: syz-fuzzer Tainted: G B 5.12.0-rc7-syzkaller #0
[ 68.271856][ T8403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.281901][ T8403] Call Trace:
[ 68.285293][ T8403] dump_stack+0x141/0x1d7
[ 68.289614][ T8403] panic+0x306/0x73d
[ 68.293500][ T8403] ? __warn_printk+0xf3/0xf3
[ 68.298164][ T8403] ? preempt_schedule_common+0x59/0xc0
[ 68.303629][ T8403] ? __skb_datagram_iter+0x6b8/0x770
[ 68.308905][ T8403] ? preempt_schedule_thunk+0x16/0x18
[ 68.314279][ T8403] ? trace_hardirqs_on+0x38/0x1c0
[ 68.319419][ T8403] ? trace_hardirqs_on+0x51/0x1c0
[ 68.324439][ T8403] ? __skb_datagram_iter+0x6b8/0x770
[ 68.329715][ T8403] ? __skb_datagram_iter+0x6b8/0x770
[ 68.335006][ T8403] end_report.cold+0x5a/0x5a
[ 68.339586][ T8403] kasan_report.cold+0x6a/0xd8
[ 68.344440][ T8403] ? __skb_datagram_iter+0x6b8/0x770
[ 68.349831][ T8403] __skb_datagram_iter+0x6b8/0x770
[ 68.354941][ T8403] ? zerocopy_sg_from_iter+0x110/0x110
[ 68.360407][ T8403] skb_copy_datagram_iter+0x40/0x50
[ 68.365598][ T8403] tcp_recvmsg_locked+0x1048/0x22f0
[ 68.370792][ T8403] ? tcp_splice_read+0x8b0/0x8b0
[ 68.375722][ T8403] ? mark_held_locks+0x9f/0xe0
[ 68.380481][ T8403] ? __local_bh_enable_ip+0xa0/0x120
[ 68.385754][ T8403] tcp_recvmsg+0x134/0x550
[ 68.390160][ T8403] ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 68.395522][ T8403] ? aa_sk_perm+0x31b/0xab0
[ 68.400053][ T8403] inet_recvmsg+0x11b/0x5d0
[ 68.404563][ T8403] ? inet_sendpage+0x140/0x140
[ 68.409316][ T8403] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.415549][ T8403] ? security_socket_recvmsg+0x8f/0xc0
[ 68.421015][ T8403] sock_read_iter+0x33c/0x470
[ 68.425707][ T8403] ? ____sys_recvmsg+0x600/0x600
[ 68.430649][ T8403] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.436880][ T8403] ? fsnotify+0xa16/0x1070
[ 68.441286][ T8403] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.447521][ T8403] new_sync_read+0x5b7/0x6e0
[ 68.452112][ T8403] ? ksys_lseek+0x1b0/0x1b0
[ 68.456625][ T8403] vfs_read+0x35c/0x570
[ 68.460771][ T8403] ksys_read+0x1ee/0x250
[ 68.465026][ T8403] ? vfs_write+0xa30/0xa30
[ 68.469431][ T8403] ? syscall_enter_from_user_mode+0x27/0x70
[ 68.475314][ T8403] do_syscall_64+0x2d/0x70
[ 68.479734][ T8403] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.485631][ T8403] RIP: 0033:0x4af19b
[ 68.489509][ T8403] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 68.509200][ T8403] RSP: 002b:000000c0004a3868 EFLAGS: 00000216 ORIG_RAX: 0000000000000000
[ 68.517597][ T8403] RAX: ffffffffffffffda RBX: 000000c00001e800 RCX: 00000000004af19b
[ 68.525554][ T8403] RDX: 0000000000001000 RSI: 000000c000196000 RDI: 0000000000000006
[ 68.533685][ T8403] RBP: 000000c0004a38b8 R08: 0000000000000001 R09: 0000000000000002
[ 68.541643][ T8403] R10: 00000000000051f7 R11: 0000000000000216 R12: 00000000000051f2
[ 68.549613][ T8403] R13: 0000000000001000 R14: 0000000000000002 R15: 0000000000000002
[ 68.558250][ T8403] Kernel Offset: disabled
[ 68.562568][ T8403] Rebooting in 86400 seconds..