Warning: Permanently added '10.128.1.60' (ECDSA) to the list of known hosts.
2021/04/23 20:04:25 fuzzer started
2021/04/23 20:04:25 dialing manager at 10.128.0.169:34587
2021/04/23 20:04:25 syscalls: 1690
2021/04/23 20:04:25 code coverage: enabled
2021/04/23 20:04:25 comparison tracing: enabled
2021/04/23 20:04:25 extra coverage: enabled
2021/04/23 20:04:25 setuid sandbox: enabled
2021/04/23 20:04:25 namespace sandbox: enabled
2021/04/23 20:04:25 Android sandbox: /sys/fs/selinux/policy does not exist
2021/04/23 20:04:25 fault injection: enabled
2021/04/23 20:04:25 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/04/23 20:04:25 net packet injection: enabled
2021/04/23 20:04:25 net device setup: enabled
2021/04/23 20:04:25 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/04/23 20:04:25 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/04/23 20:04:25 USB emulation: enabled
2021/04/23 20:04:25 hci packet injection: enabled
2021/04/23 20:04:25 wifi device emulation: enabled
2021/04/23 20:04:25 802.15.4 emulation: enabled
2021/04/23 20:04:25 fetching corpus: 0, signal 0/2000 (executing program)
2021/04/23 20:04:26 fetching corpus: 50, signal 36325/39789 (executing program)
2021/04/23 20:04:26 fetching corpus: 100, signal 53941/58761 (executing program)
2021/04/23 20:04:26 fetching corpus: 150, signal 63641/69833 (executing program)
2021/04/23 20:04:26 fetching corpus: 200, signal 69437/76963 (executing program)
2021/04/23 20:04:26 fetching corpus: 250, signal 77036/85748 (executing program)
syzkaller login: [ 68.758604][ T8386] ==================================================================
[ 68.767166][ T8386] BUG: KASAN: use-after-free in __skb_datagram_iter+0x6b8/0x770
[ 68.774850][ T8386] Read of size 4 at addr ffff88802a970004 by task syz-fuzzer/8386
[ 68.782670][ T8386]
[ 68.785029][ T8386] CPU: 0 PID: 8386 Comm: syz-fuzzer Not tainted 5.12.0-rc7-syzkaller #0
[ 68.793363][ T8386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.803428][ T8386] Call Trace:
[ 68.806718][ T8386] dump_stack+0x141/0x1d7
[ 68.811097][ T8386] ? __skb_datagram_iter+0x6b8/0x770
[ 68.816401][ T8386] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 68.823450][ T8386] ? __skb_datagram_iter+0x6b8/0x770
[ 68.829205][ T8386] ? __skb_datagram_iter+0x6b8/0x770
[ 68.834503][ T8386] kasan_report.cold+0x7c/0xd8
[ 68.839393][ T8386] ? __skb_datagram_iter+0x6b8/0x770
[ 68.844696][ T8386] __skb_datagram_iter+0x6b8/0x770
[ 68.849829][ T8386] ? zerocopy_sg_from_iter+0x110/0x110
[ 68.855658][ T8386] skb_copy_datagram_iter+0x40/0x50
[ 68.860878][ T8386] tcp_recvmsg_locked+0x1048/0x22f0
[ 68.866109][ T8386] ? tcp_splice_read+0x8b0/0x8b0
[ 68.871057][ T8386] ? mark_held_locks+0x9f/0xe0
[ 68.875855][ T8386] ? __local_bh_enable_ip+0xa0/0x120
[ 68.881267][ T8386] tcp_recvmsg+0x134/0x550
[ 68.885701][ T8386] ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 68.891120][ T8386] ? aa_sk_perm+0x31b/0xab0
[ 68.895648][ T8386] inet_recvmsg+0x11b/0x5d0
[ 68.900167][ T8386] ? inet_sendpage+0x140/0x140
[ 68.904944][ T8386] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.911197][ T8386] ? security_socket_recvmsg+0x8f/0xc0
[ 68.916762][ T8386] sock_read_iter+0x33c/0x470
[ 68.921807][ T8386] ? ____sys_recvmsg+0x600/0x600
[ 68.926772][ T8386] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.933044][ T8386] ? fsnotify+0xa16/0x1070
[ 68.937470][ T8386] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 68.943727][ T8386] new_sync_read+0x5b7/0x6e0
[ 68.948359][ T8386] ? ksys_lseek+0x1b0/0x1b0
[ 68.952905][ T8386] vfs_read+0x35c/0x570
[ 68.957080][ T8386] ksys_read+0x1ee/0x250
[ 68.961335][ T8386] ? vfs_write+0xa30/0xa30
[ 68.965785][ T8386] ? syscall_enter_from_user_mode+0x27/0x70
[ 68.971720][ T8386] do_syscall_64+0x2d/0x70
[ 68.976151][ T8386] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.982406][ T8386] RIP: 0033:0x4af19b
[ 68.986309][ T8386] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 69.005951][ T8386] RSP: 002b:000000c0000bf828 EFLAGS: 00000212 ORIG_RAX: 0000000000000000
[ 69.014385][ T8386] RAX: ffffffffffffffda RBX: 000000c00001e800 RCX: 00000000004af19b
[ 69.022366][ T8386] RDX: 0000000000001000 RSI: 000000c000066000 RDI: 0000000000000006
[ 69.030344][ T8386] RBP: 000000c0000bf878 R08: 0000000000000001 R09: 0000000000000002
[ 69.038323][ T8386] R10: 00000000000036cb R11: 0000000000000212 R12: ffffffffffffffff
[ 69.046300][ T8386] R13: 0000000000002000 R14: 0000000000000008 R15: 0000000000000008
[ 69.054328][ T8386]
[ 69.056656][ T8386] The buggy address belongs to the page:
[ 69.062297][ T8386] page:ffffea0000aa5c00 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x2a970
[ 69.072720][ T8386] flags: 0xfff00000000000()
[ 69.077236][ T8386] raw: 00fff00000000000 ffffea0000526008 ffffea0000aa5808 0000000000000000
[ 69.085852][ T8386] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000
[ 69.094436][ T8386] page dumped because: kasan: bad access detected
[ 69.100845][ T8386]
[ 69.103167][ T8386] Memory state around the buggy address:
[ 69.108916][ T8386] ffff88802a96ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.116987][ T8386] ffff88802a96ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.125075][ T8386] >ffff88802a970000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.133139][ T8386] ^
[ 69.137216][ T8386] ffff88802a970080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.145287][ T8386] ffff88802a970100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 69.153348][ T8386] ==================================================================
[ 69.161408][ T8386] Disabling lock debugging due to kernel taint
[ 69.182325][ T8386] Kernel panic - not syncing: panic_on_warn set ...
[ 69.188925][ T8386] CPU: 0 PID: 8386 Comm: syz-fuzzer Tainted: G B 5.12.0-rc7-syzkaller #0
[ 69.198643][ T8386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.209231][ T8386] Call Trace:
[ 69.212512][ T8386] dump_stack+0x141/0x1d7
[ 69.216868][ T8386] panic+0x306/0x73d
[ 69.220765][ T8386] ? __warn_printk+0xf3/0xf3
[ 69.225357][ T8386] ? preempt_schedule_common+0x59/0xc0
[ 69.230815][ T8386] ? __skb_datagram_iter+0x6b8/0x770
[ 69.236366][ T8386] ? preempt_schedule_thunk+0x16/0x18
[ 69.241759][ T8386] ? trace_hardirqs_on+0x38/0x1c0
[ 69.246801][ T8386] ? trace_hardirqs_on+0x51/0x1c0
[ 69.251830][ T8386] ? __skb_datagram_iter+0x6b8/0x770
[ 69.257118][ T8386] ? __skb_datagram_iter+0x6b8/0x770
[ 69.262406][ T8386] end_report.cold+0x5a/0x5a
[ 69.267007][ T8386] kasan_report.cold+0x6a/0xd8
[ 69.271772][ T8386] ? __skb_datagram_iter+0x6b8/0x770
[ 69.277064][ T8386] __skb_datagram_iter+0x6b8/0x770
[ 69.282184][ T8386] ? zerocopy_sg_from_iter+0x110/0x110
[ 69.287657][ T8386] skb_copy_datagram_iter+0x40/0x50
[ 69.292863][ T8386] tcp_recvmsg_locked+0x1048/0x22f0
[ 69.298068][ T8386] ? tcp_splice_read+0x8b0/0x8b0
[ 69.303013][ T8386] ? mark_held_locks+0x9f/0xe0
[ 69.307782][ T8386] ? __local_bh_enable_ip+0xa0/0x120
[ 69.313072][ T8386] tcp_recvmsg+0x134/0x550
[ 69.317516][ T8386] ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 69.322892][ T8386] ? aa_sk_perm+0x31b/0xab0
[ 69.327405][ T8386] inet_recvmsg+0x11b/0x5d0
[ 69.331922][ T8386] ? inet_sendpage+0x140/0x140
[ 69.336706][ T8386] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 69.342954][ T8386] ? security_socket_recvmsg+0x8f/0xc0
[ 69.348434][ T8386] sock_read_iter+0x33c/0x470
[ 69.353119][ T8386] ? ____sys_recvmsg+0x600/0x600
[ 69.358072][ T8386] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 69.364317][ T8386] ? fsnotify+0xa16/0x1070
[ 69.368731][ T8386] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 69.374975][ T8386] new_sync_read+0x5b7/0x6e0
[ 69.379572][ T8386] ? ksys_lseek+0x1b0/0x1b0
[ 69.384087][ T8386] vfs_read+0x35c/0x570
[ 69.388255][ T8386] ksys_read+0x1ee/0x250
[ 69.392501][ T8386] ? vfs_write+0xa30/0xa30
[ 69.396936][ T8386] ? syscall_enter_from_user_mode+0x27/0x70
[ 69.402864][ T8386] do_syscall_64+0x2d/0x70
[ 69.407657][ T8386] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 69.413557][ T8386] RIP: 0033:0x4af19b
[ 69.417451][ T8386] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 69.437150][ T8386] RSP: 002b:000000c0000bf828 EFLAGS: 00000212 ORIG_RAX: 0000000000000000
[ 69.445595][ T8386] RAX: ffffffffffffffda RBX: 000000c00001e800 RCX: 00000000004af19b
[ 69.453572][ T8386] RDX: 0000000000001000 RSI: 000000c000066000 RDI: 0000000000000006
[ 69.461628][ T8386] RBP: 000000c0000bf878 R08: 0000000000000001 R09: 0000000000000002
[ 69.469599][ T8386] R10: 00000000000036cb R11: 0000000000000212 R12: ffffffffffffffff
[ 69.477573][ T8386] R13: 0000000000002000 R14: 0000000000000008 R15: 0000000000000008
[ 69.486112][ T8386] Kernel Offset: disabled
[ 69.490444][ T8386] Rebooting in 86400 seconds..