Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.104' (ECDSA) to the list of known hosts.
2021/04/25 04:14:46 fuzzer started
2021/04/25 04:14:47 dialing manager at 10.128.0.169:43581
2021/04/25 04:14:47 syscalls: 3560
2021/04/25 04:14:47 code coverage: enabled
2021/04/25 04:14:47 comparison tracing: enabled
2021/04/25 04:14:47 extra coverage: enabled
2021/04/25 04:14:47 setuid sandbox: enabled
2021/04/25 04:14:47 namespace sandbox: enabled
2021/04/25 04:14:47 Android sandbox: /sys/fs/selinux/policy does not exist
2021/04/25 04:14:47 fault injection: enabled
2021/04/25 04:14:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/04/25 04:14:47 net packet injection: enabled
2021/04/25 04:14:47 net device setup: enabled
2021/04/25 04:14:47 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/04/25 04:14:47 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/04/25 04:14:47 USB emulation: enabled
2021/04/25 04:14:47 hci packet injection: enabled
2021/04/25 04:14:47 wifi device emulation: enabled
2021/04/25 04:14:47 802.15.4 emulation: enabled
2021/04/25 04:14:47 fetching corpus: 0, signal 0/2000 (executing program)
2021/04/25 04:14:47 fetching corpus: 50, signal 62467/66151 (executing program)
2021/04/25 04:14:47 fetching corpus: 100, signal 85677/91042 (executing program)
2021/04/25 04:14:48 fetching corpus: 150, signal 104686/111626 (executing program)
2021/04/25 04:14:48 fetching corpus: 200, signal 126387/134799 (executing program)
2021/04/25 04:14:48 fetching corpus: 250, signal 136914/146851 (executing program)
2021/04/25 04:14:48 fetching corpus: 300, signal 145211/156697 (executing program)
syzkaller login: [ 72.803023][ T8474] general protection fault, probably for non-canonical address 0xdffffc781ffffd40: 0000 [#1] PREEMPT SMP KASAN
[ 72.814916][ T8474] KASAN: probably user-memory-access in range [0x000003c0ffffea00-0x000003c0ffffea07]
[ 72.824469][ T8474] CPU: 1 PID: 8474 Comm: syz-fuzzer Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
[ 72.834143][ T8474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.844225][ T8474] RIP: 0010:debug_check_no_obj_freed+0x1d3/0x420
[ 72.850601][ T8474] Code: 39 00 0f 85 0f 02 00 00 48 89 45 08 4d 89 30 4c 89 c7 4d 89 68 08 e8 7c d0 ff ff 48 85 ed 74 2c 49 89 e8 4c 89 c0 48 c1 e8 03 <42> 80 3c 38 00 0f 84 2e ff ff ff 4c 89 c7 4c 89 44 24 38 e8 e5 85
[ 72.870717][ T8474] RSP: 0018:ffffc900016eee70 EFLAGS: 00010002
[ 72.876942][ T8474] RAX: 000000781ffffd40 RBX: ffff88801d6de000 RCX: ffffffff815afd30
[ 72.885113][ T8474] RDX: 1ffffffff2131dfa RSI: 0000000000000004 RDI: ffff888014648018
[ 72.893364][ T8474] RBP: 000003c0ffffea00 R08: 000003c0ffffea00 R09: ffffe8ffffd1dc90
[ 72.901509][ T8474] R10: fffff520002dddbc R11: 000000000000003f R12: 0000000000000004
[ 72.909609][ T8474] R13: dead000000000122 R14: dead000000000100 R15: dffffc0000000000
[ 72.917618][ T8474] FS: 000000c0004a0490(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 72.927956][ T8474] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.934555][ T8474] CR2: 000000c001058010 CR3: 0000000028bb7000 CR4: 00000000001506e0
[ 72.943044][ T8474] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 72.951665][ T8474] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 72.960215][ T8474] Call Trace:
[ 72.963509][ T8474] ? slab_free_freelist_hook+0x142/0x240
[ 72.970689][ T8474] slab_free_freelist_hook+0x174/0x240
[ 72.976817][ T8474] kmem_cache_free+0x97/0x750
[ 72.981521][ T8474] ? kfree_skbmem+0xef/0x1b0
[ 72.986324][ T8474] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 72.992163][ T8474] ? skb_release_data+0x11b/0x750
[ 72.997229][ T8474] kfree_skbmem+0xef/0x1b0
[ 73.002366][ T8474] consume_skb+0xcf/0x160
[ 73.006990][ T8474] packet_rcv+0xea/0x13e0
[ 73.011829][ T8474] ? run_filter+0x470/0x470
[ 73.016745][ T8474] dev_queue_xmit_nit+0x7a9/0xa90
[ 73.022617][ T8474] dev_hard_start_xmit+0xad/0x920
[ 73.027776][ T8474] sch_direct_xmit+0x2e1/0xbd0
[ 73.032694][ T8474] ? dev_watchdog+0xd00/0xd00
[ 73.037639][ T8474] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 73.044118][ T8474] __qdisc_run+0x4ba/0x15f0
[ 73.048915][ T8474] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.055519][ T8474] __dev_queue_xmit+0x1390/0x2e50
[ 73.060679][ T8474] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 73.066136][ T8474] ? __ip_finish_output+0x396/0x640
[ 73.071362][ T8474] ? mark_held_locks+0x9f/0xe0
[ 73.076310][ T8474] ? ip_finish_output2+0x15ac/0x2220
[ 73.081609][ T8474] ip_finish_output2+0xef0/0x2220
[ 73.086746][ T8474] ? ip_fragment.constprop.0+0x240/0x240
[ 73.092473][ T8474] ? __ip_finish_output+0x640/0x640
[ 73.097870][ T8474] __ip_finish_output+0x396/0x640
[ 73.103014][ T8474] ip_finish_output+0x35/0x200
[ 73.107859][ T8474] ip_output+0x196/0x310
[ 73.112565][ T8474] __ip_queue_xmit+0x8d3/0x1a30
[ 73.117453][ T8474] __tcp_transmit_skb+0x1889/0x38f0
[ 73.122760][ T8474] ? __tcp_select_window+0xad0/0xad0
[ 73.128074][ T8474] ? mark_held_locks+0x9f/0xe0
[ 73.133664][ T8474] ? __build_skb_around+0x23e/0x2f0
[ 73.138876][ T8474] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.145230][ T8474] ? __alloc_skb+0x17c/0x340
[ 73.149873][ T8474] __tcp_send_ack.part.0+0x3d6/0x7a0
[ 73.155266][ T8474] ? skb_release_data+0x5e7/0x750
[ 73.160328][ T8474] tcp_send_ack+0x7d/0xa0
[ 73.164687][ T8474] tcp_cleanup_rbuf+0x46c/0x5b0
[ 73.169999][ T8474] tcp_recvmsg_locked+0x7aa/0x22f0
[ 73.175164][ T8474] ? tcp_splice_read+0x8b0/0x8b0
[ 73.180401][ T8474] ? mark_held_locks+0x9f/0xe0
[ 73.185183][ T8474] ? __local_bh_enable_ip+0xa0/0x120
[ 73.190512][ T8474] tcp_recvmsg+0x134/0x550
[ 73.194946][ T8474] ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 73.200341][ T8474] ? aa_sk_perm+0x311/0xab0
[ 73.204859][ T8474] inet_recvmsg+0x11b/0x5e0
[ 73.209383][ T8474] ? inet_sendpage+0x140/0x140
[ 73.214158][ T8474] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.220412][ T8474] ? security_socket_recvmsg+0x8f/0xc0
[ 73.225886][ T8474] sock_read_iter+0x33c/0x470
[ 73.230578][ T8474] ? ____sys_recvmsg+0x600/0x600
[ 73.235524][ T8474] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.241778][ T8474] ? fsnotify+0xa58/0x1060
[ 73.246211][ T8474] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.252468][ T8474] new_sync_read+0x5b7/0x6e0
[ 73.257086][ T8474] ? ksys_lseek+0x1b0/0x1b0
[ 73.261599][ T8474] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 73.267602][ T8474] vfs_read+0x35c/0x570
[ 73.271794][ T8474] ksys_read+0x1ee/0x250
[ 73.277233][ T8474] ? vfs_write+0xa40/0xa40
[ 73.281666][ T8474] ? syscall_enter_from_user_mode+0x27/0x70
[ 73.288281][ T8474] do_syscall_64+0x3a/0xb0
[ 73.293340][ T8474] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 73.300512][ T8474] RIP: 0033:0x4af19b
[ 73.305370][ T8474] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 73.326045][ T8474] RSP: 002b:000000c0000a1850 EFLAGS: 00000206 ORIG_RAX: 0000000000000000
[ 73.334483][ T8474] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af19b
[ 73.342486][ T8474] RDX: 0000000000001000 RSI: 000000c000208000 RDI: 0000000000000006
[ 73.350674][ T8474] RBP: 000000c0000a18a0 R08: 0000000000000001 R09: 0000000000000002
[ 73.358650][ T8474] R10: 0000000000000607 R11: 0000000000000206 R12: ffffffffffffffff
[ 73.366633][ T8474] R13: 0000000000000400 R14: 0000000000000004 R15: 0000000000000004
[ 73.375947][ T8474] Modules linked in:
[ 73.379971][ T8474] ---[ end trace 6851efde4685fc76 ]---
[ 73.385721][ T8474] RIP: 0010:debug_check_no_obj_freed+0x1d3/0x420
[ 73.392244][ T8474] Code: 39 00 0f 85 0f 02 00 00 48 89 45 08 4d 89 30 4c 89 c7 4d 89 68 08 e8 7c d0 ff ff 48 85 ed 74 2c 49 89 e8 4c 89 c0 48 c1 e8 03 <42> 80 3c 38 00 0f 84 2e ff ff ff 4c 89 c7 4c 89 44 24 38 e8 e5 85
[ 73.412024][ T8474] RSP: 0018:ffffc900016eee70 EFLAGS: 00010002
[ 73.418212][ T8474] RAX: 000000781ffffd40 RBX: ffff88801d6de000 RCX: ffffffff815afd30
[ 73.426307][ T8474] RDX: 1ffffffff2131dfa RSI: 0000000000000004 RDI: ffff888014648018
[ 73.434298][ T8474] RBP: 000003c0ffffea00 R08: 000003c0ffffea00 R09: ffffe8ffffd1dc90
[ 73.442381][ T8474] R10: fffff520002dddbc R11: 000000000000003f R12: 0000000000000004
[ 73.450380][ T8474] R13: dead000000000122 R14: dead000000000100 R15: dffffc0000000000
[ 73.458375][ T8474] FS: 000000c0004a0490(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 73.467334][ T8474] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 73.473930][ T8474] CR2: 000000c001058010 CR3: 0000000028bb7000 CR4: 00000000001506e0
[ 73.482534][ T8474] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 73.490518][ T8474] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 73.498519][ T8474] Kernel panic - not syncing: Fatal exception in interrupt
[ 73.506444][ T8474] Kernel Offset: disabled
[ 73.510784][ T8474] Rebooting in 86400 seconds..