Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.75' (ECDSA) to the list of known hosts.
2021/05/03 12:04:40 fuzzer started
2021/05/03 12:04:40 dialing manager at 10.128.0.169:44661
2021/05/03 12:04:40 syscalls: 3571
2021/05/03 12:04:40 code coverage: enabled
2021/05/03 12:04:40 comparison tracing: enabled
2021/05/03 12:04:40 extra coverage: enabled
2021/05/03 12:04:40 setuid sandbox: enabled
2021/05/03 12:04:40 namespace sandbox: enabled
2021/05/03 12:04:40 Android sandbox: /sys/fs/selinux/policy does not exist
2021/05/03 12:04:40 fault injection: enabled
2021/05/03 12:04:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/05/03 12:04:40 net packet injection: enabled
2021/05/03 12:04:40 net device setup: enabled
2021/05/03 12:04:40 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/05/03 12:04:40 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/05/03 12:04:40 USB emulation: enabled
2021/05/03 12:04:40 hci packet injection: enabled
2021/05/03 12:04:40 wifi device emulation: enabled
2021/05/03 12:04:40 802.15.4 emulation: enabled
2021/05/03 12:04:41 fetching corpus: 50, signal 50456/52346 (executing program)
2021/05/03 12:04:41 fetching corpus: 100, signal 91230/94771 (executing program)
2021/05/03 12:04:41 fetching corpus: 150, signal 114609/119724 (executing program)
2021/05/03 12:04:41 fetching corpus: 200, signal 134620/141204 (executing program)
2021/05/03 12:04:41 fetching corpus: 250, signal 147997/156034 (executing program)
syzkaller login: [ 75.558117][ T8476] ==================================================================
[ 75.566468][ T8476] BUG: KASAN: use-after-free in __skb_datagram_iter+0x6b8/0x770
[ 75.574114][ T8476] Read of size 4 at addr ffff88802f200004 by task syz-fuzzer/8476
[ 75.581925][ T8476]
[ 75.584242][ T8476] CPU: 1 PID: 8476 Comm: syz-fuzzer Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
[ 75.593783][ T8476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.603861][ T8476] Call Trace:
[ 75.607156][ T8476] dump_stack+0x141/0x1d7
[ 75.611528][ T8476] ? __skb_datagram_iter+0x6b8/0x770
[ 75.616831][ T8476] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 75.623879][ T8476] ? __skb_datagram_iter+0x6b8/0x770
[ 75.629176][ T8476] ? __skb_datagram_iter+0x6b8/0x770
[ 75.634480][ T8476] kasan_report.cold+0x7c/0xd8
[ 75.639264][ T8476] ? __skb_datagram_iter+0x6b8/0x770
[ 75.644567][ T8476] __skb_datagram_iter+0x6b8/0x770
[ 75.649698][ T8476] ? zerocopy_sg_from_iter+0x110/0x110
[ 75.655173][ T8476] skb_copy_datagram_iter+0x40/0x50
[ 75.660392][ T8476] tcp_recvmsg_locked+0x1048/0x22f0
[ 75.665624][ T8476] ? tcp_splice_read+0x8b0/0x8b0
[ 75.670580][ T8476] ? mark_held_locks+0x9f/0xe0
[ 75.675372][ T8476] ? __local_bh_enable_ip+0xa0/0x120
[ 75.680706][ T8476] tcp_recvmsg+0x134/0x550
[ 75.685181][ T8476] ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 75.690597][ T8476] ? aa_sk_perm+0x311/0xab0
[ 75.695231][ T8476] inet_recvmsg+0x11b/0x5e0
[ 75.699765][ T8476] ? inet_sendpage+0x140/0x140
[ 75.704580][ T8476] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.711035][ T8476] ? security_socket_recvmsg+0x8f/0xc0
[ 75.717327][ T8476] sock_read_iter+0x33c/0x470
[ 75.722074][ T8476] ? ____sys_recvmsg+0x600/0x600
[ 75.727137][ T8476] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.733420][ T8476] ? fsnotify+0xa58/0x1060
[ 75.738052][ T8476] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.744335][ T8476] new_sync_read+0x5b7/0x6e0
[ 75.748951][ T8476] ? ksys_lseek+0x1b0/0x1b0
[ 75.753561][ T8476] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 75.759601][ T8476] vfs_read+0x35c/0x570
[ 75.763801][ T8476] ksys_read+0x1ee/0x250
[ 75.768087][ T8476] ? vfs_write+0xa40/0xa40
[ 75.772525][ T8476] ? syscall_enter_from_user_mode+0x27/0x70
[ 75.778451][ T8476] do_syscall_64+0x3a/0xb0
[ 75.782901][ T8476] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.788815][ T8476] RIP: 0033:0x4af19b
[ 75.792812][ T8476] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 75.812437][ T8476] RSP: 002b:000000c00050d828 EFLAGS: 00000212 ORIG_RAX: 0000000000000000
[ 75.820878][ T8476] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af19b
[ 75.828877][ T8476] RDX: 0000000000001000 RSI: 000000c00024b000 RDI: 0000000000000006
[ 75.836861][ T8476] RBP: 000000c00050d878 R08: 0000000000000001 R09: 0000000000000002
[ 75.844845][ T8476] R10: 000000000000594b R11: 0000000000000212 R12: 0000000000005947
[ 75.852848][ T8476] R13: 0000000000000400 R14: 0000000000000004 R15: 0000000000000002
[ 75.860865][ T8476]
[ 75.863197][ T8476] The buggy address belongs to the page:
[ 75.868854][ T8476] page:ffffea0000bc8000 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x2f200
[ 75.880682][ T8476] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 75.888186][ T8476] raw: 00fff00000000000 ffffea0000c56808 ffff88813fffb978 0000000000000000
[ 75.896825][ T8476] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000
[ 75.905424][ T8476] page dumped because: kasan: bad access detected
[ 75.911845][ T8476]
[ 75.914175][ T8476] Memory state around the buggy address:
[ 75.919822][ T8476] ffff88802f1fff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.927898][ T8476] ffff88802f1fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.935973][ T8476] >ffff88802f200000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 75.944107][ T8476]                    ^
[ 75.948211][ T8476] ffff88802f200080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 75.956288][ T8476] ffff88802f200100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 75.964621][ T8476] ==================================================================
[ 75.972694][ T8476] Disabling lock debugging due to kernel taint
[ 75.981118][ T8476] Kernel panic - not syncing: panic_on_warn set ...
[ 75.987727][ T8476] CPU: 1 PID: 8476 Comm: syz-fuzzer Tainted: G B 5.12.0-rc8-next-20210423-syzkaller #0
[ 75.998673][ T8476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.008741][ T8476] Call Trace:
[ 76.012034][ T8476] dump_stack+0x141/0x1d7
[ 76.016500][ T8476] panic+0x306/0x73d
[ 76.020420][ T8476] ? __warn_printk+0xf3/0xf3
[ 76.025034][ T8476] ? preempt_schedule_common+0x59/0xc0
[ 76.030513][ T8476] ? __skb_datagram_iter+0x6b8/0x770
[ 76.035915][ T8476] ? preempt_schedule_thunk+0x16/0x18
[ 76.041302][ T8476] ? trace_hardirqs_on+0x38/0x1c0
[ 76.046367][ T8476] ? trace_hardirqs_on+0x51/0x1c0
[ 76.051420][ T8476] ? __skb_datagram_iter+0x6b8/0x770
[ 76.056718][ T8476] ? __skb_datagram_iter+0x6b8/0x770
[ 76.062538][ T8476] end_report.cold+0x5a/0x5a
[ 76.067153][ T8476] kasan_report.cold+0x6a/0xd8
[ 76.071938][ T8476] ? __skb_datagram_iter+0x6b8/0x770
[ 76.078110][ T8476] __skb_datagram_iter+0x6b8/0x770
[ 76.083259][ T8476] ? zerocopy_sg_from_iter+0x110/0x110
[ 76.088870][ T8476] skb_copy_datagram_iter+0x40/0x50
[ 76.094082][ T8476] tcp_recvmsg_locked+0x1048/0x22f0
[ 76.099474][ T8476] ? tcp_splice_read+0x8b0/0x8b0
[ 76.104425][ T8476] ? mark_held_locks+0x9f/0xe0
[ 76.109204][ T8476] ? __local_bh_enable_ip+0xa0/0x120
[ 76.114499][ T8476] tcp_recvmsg+0x134/0x550
[ 76.118925][ T8476] ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 76.124404][ T8476] ? aa_sk_perm+0x311/0xab0
[ 76.128912][ T8476] inet_recvmsg+0x11b/0x5e0
[ 76.133451][ T8476] ? inet_sendpage+0x140/0x140
[ 76.138234][ T8476] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.144490][ T8476] ? security_socket_recvmsg+0x8f/0xc0
[ 76.149975][ T8476] sock_read_iter+0x33c/0x470
[ 76.154768][ T8476] ? ____sys_recvmsg+0x600/0x600
[ 76.159754][ T8476] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.166023][ T8476] ? fsnotify+0xa58/0x1060
[ 76.170451][ T8476] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.176733][ T8476] new_sync_read+0x5b7/0x6e0
[ 76.181345][ T8476] ? ksys_lseek+0x1b0/0x1b0
[ 76.185859][ T8476] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 76.191865][ T8476] vfs_read+0x35c/0x570
[ 76.196052][ T8476] ksys_read+0x1ee/0x250
[ 76.200306][ T8476] ? vfs_write+0xa40/0xa40
[ 76.204747][ T8476] ? syscall_enter_from_user_mode+0x27/0x70
[ 76.210657][ T8476] do_syscall_64+0x3a/0xb0
[ 76.215108][ T8476] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 76.221105][ T8476] RIP: 0033:0x4af19b
[ 76.225006][ T8476] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 76.244970][ T8476] RSP: 002b:000000c00050d828 EFLAGS: 00000212 ORIG_RAX: 0000000000000000
[ 76.253518][ T8476] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af19b
[ 76.261530][ T8476] RDX: 0000000000001000 RSI: 000000c00024b000 RDI: 0000000000000006
[ 76.269543][ T8476] RBP: 000000c00050d878 R08: 0000000000000001 R09: 0000000000000002
[ 76.277528][ T8476] R10: 000000000000594b R11: 0000000000000212 R12: 0000000000005947
[ 76.286120][ T8476] R13: 0000000000000400 R14: 0000000000000004 R15: 0000000000000002
[ 76.294619][ T8476] Kernel Offset: disabled
[ 76.298960][ T8476] Rebooting in 86400 seconds..