[  OK  ] Started Getty on tty2.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Getty on tty1.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Load/Save RF Kill Switch Status.
[  OK  ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.97' (ECDSA) to the list of known hosts.
2021/05/02 06:36:16 fuzzer started
2021/05/02 06:36:17 dialing manager at 10.128.0.169:44661
2021/05/02 06:36:17 syscalls: 3571
2021/05/02 06:36:17 code coverage: enabled
2021/05/02 06:36:17 comparison tracing: enabled
2021/05/02 06:36:17 extra coverage: enabled
2021/05/02 06:36:17 setuid sandbox: enabled
2021/05/02 06:36:17 namespace sandbox: enabled
2021/05/02 06:36:17 Android sandbox: /sys/fs/selinux/policy does not exist
2021/05/02 06:36:17 fault injection: enabled
2021/05/02 06:36:17 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/05/02 06:36:17 net packet injection: enabled
2021/05/02 06:36:17 net device setup: enabled
2021/05/02 06:36:17 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/05/02 06:36:17 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/05/02 06:36:17 USB emulation: enabled
2021/05/02 06:36:17 hci packet injection: enabled
2021/05/02 06:36:17 wifi device emulation: enabled
2021/05/02 06:36:17 802.15.4 emulation: enabled
2021/05/02 06:36:17 fetching corpus: 0, signal 0/2000 (executing program)
2021/05/02 06:36:17 fetching corpus: 50, signal 44348/48120 (executing program)
2021/05/02 06:36:17 fetching corpus: 100, signal 81948/87312 (executing program)
2021/05/02 06:36:17 fetching corpus: 150, signal 104188/111086 (executing program)
2021/05/02 06:36:18 fetching corpus: 200, signal 122277/130679 (executing program)
2021/05/02 06:36:18 fetching corpus: 250, signal 140512/150317 (executing program)
2021/05/02 06:36:18 fetching corpus: 300, signal 156986/168083 (executing program)
2021/05/02 06:36:18 fetching corpus: 350, signal 169410/181850 (executing program)
2021/05/02 06:36:18 fetching corpus: 400, signal 181828/195545 (executing program)
2021/05/02 06:36:18 fetching corpus: 450, signal 201500/216200 (executing program)
2021/05/02 06:36:19 fetching corpus: 500, signal 211231/227106 (executing program)
syzkaller login: [ 74.759211][ T8435] ==================================================================
[ 74.767575][ T8435] BUG: KASAN: use-after-free in __skb_datagram_iter+0x6b8/0x770
[ 74.775252][ T8435] Read of size 4 at addr ffff88802eca0004 by task syz-fuzzer/8435
[ 74.783318][ T8435]
[ 74.785637][ T8435] CPU: 1 PID: 8435 Comm: syz-fuzzer Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
[ 74.795177][ T8435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.805258][ T8435] Call Trace:
[ 74.808543][ T8435] dump_stack+0x141/0x1d7
[ 74.812889][ T8435] ? __skb_datagram_iter+0x6b8/0x770
[ 74.818166][ T8435] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 74.825224][ T8435] ? __skb_datagram_iter+0x6b8/0x770
[ 74.830539][ T8435] ? __skb_datagram_iter+0x6b8/0x770
[ 74.835847][ T8435] kasan_report.cold+0x7c/0xd8
[ 74.841614][ T8435] ? __skb_datagram_iter+0x6b8/0x770
[ 74.846929][ T8435] __skb_datagram_iter+0x6b8/0x770
[ 74.852089][ T8435] ? zerocopy_sg_from_iter+0x110/0x110
[ 74.857938][ T8435] skb_copy_datagram_iter+0x40/0x50
[ 74.863172][ T8435] tcp_recvmsg_locked+0x1048/0x22f0
[ 74.868432][ T8435] ? tcp_splice_read+0x8b0/0x8b0
[ 74.873500][ T8435] ? mark_held_locks+0x9f/0xe0
[ 74.878314][ T8435] ? __local_bh_enable_ip+0xa0/0x120
[ 74.883628][ T8435] tcp_recvmsg+0x134/0x550
[ 74.888090][ T8435] ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 74.893492][ T8435] ? aa_sk_perm+0x311/0xab0
[ 74.898207][ T8435] inet_recvmsg+0x11b/0x5e0
[ 74.902749][ T8435] ? inet_sendpage+0x140/0x140
[ 74.907536][ T8435] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.913803][ T8435] ? security_socket_recvmsg+0x8f/0xc0
[ 74.919291][ T8435] sock_read_iter+0x33c/0x470
[ 74.924349][ T8435] ? ____sys_recvmsg+0x600/0x600
[ 74.929316][ T8435] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.935586][ T8435] ? fsnotify+0xa58/0x1060
[ 74.940030][ T8435] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 74.946312][ T8435] new_sync_read+0x5b7/0x6e0
[ 74.950938][ T8435] ? ksys_lseek+0x1b0/0x1b0
[ 74.955498][ T8435] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 74.961637][ T8435] vfs_read+0x35c/0x570
[ 74.965917][ T8435] ksys_read+0x1ee/0x250
[ 74.972190][ T8435] ? vfs_write+0xa40/0xa40
[ 74.976732][ T8435] ? syscall_enter_from_user_mode+0x27/0x70
[ 74.982658][ T8435] do_syscall_64+0x3a/0xb0
[ 74.987109][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 74.993017][ T8435] RIP: 0033:0x4af19b
[ 74.996940][ T8435] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 75.016675][ T8435] RSP: 002b:000000c0000a3828 EFLAGS: 00000212 ORIG_RAX: 0000000000000000
[ 75.025126][ T8435] RAX: ffffffffffffffda RBX: 000000c00001e800 RCX: 00000000004af19b
[ 75.033110][ T8435] RDX: 0000000000001000 RSI: 000000c000220000 RDI: 0000000000000006
[ 75.041092][ T8435] RBP: 000000c0000a3878 R08: 0000000000000001 R09: 0000000000000002
[ 75.049088][ T8435] R10: 0000000000004cab R11: 0000000000000212 R12: 0000000000004ca7
[ 75.057090][ T8435] R13: 0000000000000400 R14: 0000000000000002 R15: 0000000000000002
[ 75.065103][ T8435]
[ 75.067429][ T8435] The buggy address belongs to the page:
[ 75.073052][ T8435] page:ffffea0000bb2800 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x2eca0
[ 75.083476][ T8435] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 75.090615][ T8435] raw: 00fff00000000000 ffffea0000bb1e08 ffff88813fffb978 0000000000000000
[ 75.099212][ T8435] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000
[ 75.107800][ T8435] page dumped because: kasan: bad access detected
[ 75.114211][ T8435]
[ 75.116540][ T8435] Memory state around the buggy address:
[ 75.122329][ T8435] ffff88802ec9ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.130405][ T8435] ffff88802ec9ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 75.138507][ T8435] >ffff88802eca0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 75.146851][ T8435] ^
[ 75.150930][ T8435] ffff88802eca0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 75.159012][ T8435] ffff88802eca0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 75.167097][ T8435] ==================================================================
[ 75.175164][ T8435] Disabling lock debugging due to kernel taint
[ 75.182861][ T8435] Kernel panic - not syncing: panic_on_warn set ...
[ 75.189549][ T8435] CPU: 1 PID: 8435 Comm: syz-fuzzer Tainted: G B 5.12.0-rc8-next-20210423-syzkaller #0
[ 75.200521][ T8435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.210763][ T8435] Call Trace:
[ 75.214068][ T8435] dump_stack+0x141/0x1d7
[ 75.218408][ T8435] panic+0x306/0x73d
[ 75.222317][ T8435] ? __warn_printk+0xf3/0xf3
[ 75.227002][ T8435] ? preempt_schedule_common+0x59/0xc0
[ 75.232470][ T8435] ? __skb_datagram_iter+0x6b8/0x770
[ 75.237775][ T8435] ? preempt_schedule_thunk+0x16/0x18
[ 75.243154][ T8435] ? trace_hardirqs_on+0x38/0x1c0
[ 75.248183][ T8435] ? trace_hardirqs_on+0x51/0x1c0
[ 75.253214][ T8435] ? __skb_datagram_iter+0x6b8/0x770
[ 75.258504][ T8435] ? __skb_datagram_iter+0x6b8/0x770
[ 75.263895][ T8435] end_report.cold+0x5a/0x5a
[ 75.268507][ T8435] kasan_report.cold+0x6a/0xd8
[ 75.273287][ T8435] ? __skb_datagram_iter+0x6b8/0x770
[ 75.278582][ T8435] __skb_datagram_iter+0x6b8/0x770
[ 75.283704][ T8435] ? zerocopy_sg_from_iter+0x110/0x110
[ 75.289176][ T8435] skb_copy_datagram_iter+0x40/0x50
[ 75.294383][ T8435] tcp_recvmsg_locked+0x1048/0x22f0
[ 75.299603][ T8435] ? tcp_splice_read+0x8b0/0x8b0
[ 75.304571][ T8435] ? mark_held_locks+0x9f/0xe0
[ 75.309374][ T8435] ? __local_bh_enable_ip+0xa0/0x120
[ 75.314676][ T8435] tcp_recvmsg+0x134/0x550
[ 75.319113][ T8435] ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 75.324517][ T8435] ? aa_sk_perm+0x311/0xab0
[ 75.329042][ T8435] inet_recvmsg+0x11b/0x5e0
[ 75.333572][ T8435] ? inet_sendpage+0x140/0x140
[ 75.338354][ T8435] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.344616][ T8435] ? security_socket_recvmsg+0x8f/0xc0
[ 75.350273][ T8435] sock_read_iter+0x33c/0x470
[ 75.354964][ T8435] ? ____sys_recvmsg+0x600/0x600
[ 75.359925][ T8435] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.366352][ T8435] ? fsnotify+0xa58/0x1060
[ 75.370777][ T8435] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.377661][ T8435] new_sync_read+0x5b7/0x6e0
[ 75.382262][ T8435] ? ksys_lseek+0x1b0/0x1b0
[ 75.386777][ T8435] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 75.392779][ T8435] vfs_read+0x35c/0x570
[ 75.396949][ T8435] ksys_read+0x1ee/0x250
[ 75.401197][ T8435] ? vfs_write+0xa40/0xa40
[ 75.405619][ T8435] ? syscall_enter_from_user_mode+0x27/0x70
[ 75.411606][ T8435] do_syscall_64+0x3a/0xb0
[ 75.416036][ T8435] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 75.421955][ T8435] RIP: 0033:0x4af19b
[ 75.425867][ T8435] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 75.448713][ T8435] RSP: 002b:000000c0000a3828 EFLAGS: 00000212 ORIG_RAX: 0000000000000000
[ 75.457141][ T8435] RAX: ffffffffffffffda RBX: 000000c00001e800 RCX: 00000000004af19b
[ 75.465120][ T8435] RDX: 0000000000001000 RSI: 000000c000220000 RDI: 0000000000000006
[ 75.473300][ T8435] RBP: 000000c0000a3878 R08: 0000000000000001 R09: 0000000000000002
[ 75.481376][ T8435] R10: 0000000000004cab R11: 0000000000000212 R12: 0000000000004ca7
[ 75.489363][ T8435] R13: 0000000000000400 R14: 0000000000000002 R15: 0000000000000002
[ 75.497818][ T8435] Kernel Offset: disabled
[ 75.502269][ T8435] Rebooting in 86400 seconds..