Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
2021/04/23 22:21:42 fuzzer started
2021/04/23 22:21:42 dialing manager at 10.128.0.169:34587
2021/04/23 22:21:42 syscalls: 1690
2021/04/23 22:21:42 code coverage: enabled
2021/04/23 22:21:42 comparison tracing: enabled
2021/04/23 22:21:42 extra coverage: enabled
2021/04/23 22:21:42 setuid sandbox: enabled
2021/04/23 22:21:42 namespace sandbox: enabled
2021/04/23 22:21:42 Android sandbox: /sys/fs/selinux/policy does not exist
2021/04/23 22:21:42 fault injection: enabled
2021/04/23 22:21:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/04/23 22:21:42 net packet injection: enabled
2021/04/23 22:21:42 net device setup: enabled
2021/04/23 22:21:42 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/04/23 22:21:42 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/04/23 22:21:42 USB emulation: enabled
2021/04/23 22:21:42 hci packet injection: enabled
2021/04/23 22:21:42 wifi device emulation: enabled
2021/04/23 22:21:42 802.15.4 emulation: enabled
2021/04/23 22:21:42 fetching corpus: 0, signal 0/2000 (executing program)
syzkaller login: [ 67.406631][ T8379] ==================================================================
[ 67.413292][ T8388] BUG: unable to handle page fault for address: ffffea0003ffff88
[ 67.414874][ T8379] BUG: KASAN: use-after-free in skb_try_coalesce+0x1334/0x1440
[ 67.422581][ T8388] #PF: supervisor read access in kernel mode
[ 67.430102][ T8379] Write of size 4 at addr ffff888018d30008 by task syz-fuzzer/8379
[ 67.436060][ T8388] #PF: error_code(0x0000) - not-present page
[ 67.443927][ T8379]
[ 67.443936][ T8379] CPU: 0 PID: 8379 Comm: syz-fuzzer Not tainted 5.12.0-rc7-syzkaller #0
[ 67.449887][ T8388] PGD 13fff8067
[ 67.452196][ T8379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.460513][ T8388] P4D 13fff8067
[ 67.464042][ T8379] Call Trace:
[ 67.464056][ T8379]  dump_stack+0x141/0x1d7
[ 67.474079][ T8388] PUD 13fff7067
[ 67.477610][ T8379]  ? skb_try_coalesce+0x1334/0x1440
[ 67.480874][ T8388] PMD 0
[ 67.485323][ T8379]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 67.488860][ T8388]
[ 67.488868][ T8388] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 67.494042][ T8379]  ? skb_try_coalesce+0x1334/0x1440
[ 67.496872][ T8388] CPU: 1 PID: 8388 Comm: ifupdown-hotplu Not tainted 5.12.0-rc7-syzkaller #0
[ 67.503869][ T8379]  ? skb_try_coalesce+0x1334/0x1440
[ 67.506180][ T8388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.511372][ T8379]  kasan_report.cold+0x7c/0xd8
[ 67.516573][ T8388] RIP: 0010:qlist_free_all+0x85/0xc0
[ 67.525311][ T8379]  ? __sanitizer_cov_trace_cmp8+0x61/0x70
[ 67.530488][ T8388] Code: 85 ff 74 3b 4c 89 fe 48 85 ed 48 89 ef 75 cb 48 89 f7 48 89 34 24 e8 2a 52 7b ff 48 8b 34 24 48 c1 e8 0c 48 c1 e0 06 4c 01 f0 <48> 8b 50 08 48 8d 4a ff 83 e2 01 48 0f 45 c1 48 8b 78 18 eb 9b 49
[ 67.540522][ T8379]  ? skb_try_coalesce+0x1334/0x1440
[ 67.545260][ T8388] RSP: 0018:ffffc9000167fd90 EFLAGS: 00010282
[ 67.550525][ T8379]  skb_try_coalesce+0x1334/0x1440
[ 67.556234][ T8388]
[ 67.556241][ T8388] RAX: ffffea0003ffff80 RBX: ffff888011ff4e00 RCX: 0000000000000000
[ 67.575833][ T8379]  tcp_try_coalesce+0x393/0x920
[ 67.581015][ T8388] RDX: ffff88801fcdb880 RSI: ffff8880ffffea00 RDI: 0000000000000003
[ 67.587058][ T8379]  ? mark_held_locks+0x9f/0xe0
[ 67.592058][ T8388] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000002e
[ 67.594368][ T8379]  ? tcp_urg.part.0+0x2d0/0x2d0
[ 67.602320][ T8388] R10: ffffffff813371ca R11: 000000000000003f R12: dffffc0000000000
[ 67.607151][ T8379]  ? ktime_get+0x38a/0x470
[ 67.615112][ T8388] R13: ffffc9000167fdc8 R14: ffffea0000000000 R15: ffff8880ffffea00
[ 67.619860][ T8379]  ? lockdep_hardirqs_on+0x79/0x100
[ 67.627808][ T8388] FS: 00007fc886f5f480(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 67.632654][ T8379]  tcp_queue_rcv+0x8a/0x6e0
[ 67.640626][ T8388] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 67.645053][ T8379]  tcp_rcv_established+0x175e/0x1eb0
[ 67.653002][ T8388] CR2: ffffea0003ffff88 CR3: 000000001d331000 CR4: 00000000001506e0
[ 67.658179][ T8379]  ? tcp_data_queue+0x4b10/0x4b10
[ 67.667109][ T8388] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 67.671593][ T8379]  ? mark_held_locks+0x9f/0xe0
[ 67.678184][ T8388] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 67.683473][ T8379]  tcp_v4_do_rcv+0x5d1/0x870
[ 67.691450][ T8388] Call Trace:
[ 67.691465][ T8388]  kasan_quarantine_reduce+0x180/0x200
[ 67.696456][ T8379]  __release_sock+0x134/0x3b0
[ 67.704410][ T8388]  __kasan_slab_alloc+0x7f/0x90
[ 67.709154][ T8379]  release_sock+0x54/0x1b0
[ 67.717107][ T8388]  kmem_cache_alloc+0x155/0x370
[ 67.721679][ T8379]  tcp_recvmsg+0x13f/0x550
[ 67.724945][ T8388]  prepare_creds+0x3b/0x730
[ 67.730378][ T8379]  ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 67.735035][ T8388]  do_faccessat+0x3f4/0x850
[ 67.739867][ T8379]  ? aa_sk_perm+0x31b/0xab0
[ 67.744261][ T8388]  ? stream_open+0x60/0x60
[ 67.749116][ T8379]  inet_recvmsg+0x11b/0x5d0
[ 67.753511][ T8388]  ? __secure_computing+0x104/0x360
[ 67.757992][ T8379]  ? inet_sendpage+0x140/0x140
[ 67.763339][ T8388]  do_syscall_64+0x2d/0x70
[ 67.767819][ T8379]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 67.772297][ T8388]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 67.776722][ T8379]  ? security_socket_recvmsg+0x8f/0xc0
[ 67.781218][ T8388] RIP: 0033:0x7fc886a7cb3a
[ 67.786394][ T8379]  sock_read_iter+0x33c/0x470
[ 67.791138][ T8388] Code: 41 55 41 54 55 53 48 81 ec 98 00 00 00 f7 c1 ff fc ff ff 0f 85 4f 01 00 00 85 c9 75 33 48 63 ff 48 63 d2 b8 0d 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 ea 00 00 00 89 c3 48 81 c4 98 00 00 00 89
[ 67.795531][ T8379]  ? ____sys_recvmsg+0x600/0x600
[ 67.801745][ T8388] RSP: 002b:00007ffc26ba8c70 EFLAGS: 00000246
[ 67.807620][ T8379]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 67.813062][ T8388] ORIG_RAX: 000000000000010d
[ 67.817457][ T8379]  ? fsnotify+0xa16/0x1070
[ 67.822110][ T8388] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc886a7cb3a
[ 67.841700][ T8379]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 67.846643][ T8388] RDX: 0000000000000001 RSI: 00005627a4d74238 RDI: ffffffffffffff9c
[ 67.852709][ T8379]  new_sync_read+0x5b7/0x6e0
[ 67.858921][ T8388] RBP: 00005627a4d74238 R08: 00005627a3215320 R09: 0000000000000001
[ 67.863579][ T8379]  ? ksys_lseek+0x1b0/0x1b0
[ 67.867970][ T8388] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[ 67.875935][ T8379]  vfs_read+0x35c/0x570
[ 67.882148][ T8388] R13: 0000000000000000 R14: 00005627a4d74280 R15: 00005627a3215ce4
[ 67.890107][ T8379]  ksys_read+0x1ee/0x250
[ 67.894684][ T8388] Modules linked in:
[ 67.902651][ T8379]  ? vfs_write+0xa30/0xa30
[ 67.907131][ T8388]
[ 67.907140][ T8388] CR2: ffffea0003ffff88
[ 67.915102][ T8379]  ? syscall_enter_from_user_mode+0x27/0x70
[ 67.919243][ T8388] ---[ end trace d5498e3531afad6a ]---
[ 67.927192][ T8379]  do_syscall_64+0x2d/0x70
[ 67.931432][ T8388] RIP: 0010:qlist_free_all+0x85/0xc0
[ 67.935305][ T8379]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 67.939698][ T8388] Code: 85 ff 74 3b 4c 89 fe 48 85 ed 48 89 ef 75 cb 48 89 f7 48 89 34 24 e8 2a 52 7b ff 48 8b 34 24 48 c1 e8 0c 48 c1 e0 06 4c 01 f0 <48> 8b 50 08 48 8d 4a ff 83 e2 01 48 0f 45 c1 48 8b 78 18 eb 9b 49
[ 67.942006][ T8379] RIP: 0033:0x4af19b
[ 67.946155][ T8388] RSP: 0018:ffffc9000167fd90 EFLAGS: 00010282
[ 67.952040][ T8379] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 67.957474][ T8388]
[ 67.957482][ T8388] RAX: ffffea0003ffff80 RBX: ffff888011ff4e00 RCX: 0000000000000000
[ 67.961868][ T8379] RSP: 002b:000000c00047b828 EFLAGS: 00000212
[ 67.967152][ T8388] RDX: ffff88801fcdb880 RSI: ffff8880ffffea00 RDI: 0000000000000003
[ 67.973023][ T8379] ORIG_RAX: 0000000000000000
[ 67.992620][ T8388] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000002e
[ 67.996502][ T8379] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af19b
[ 68.002551][ T8388] R10: ffffffff813371ca R11: 000000000000003f R12: dffffc0000000000
[ 68.022165][ T8379] RDX: 0000000000001000 RSI: 000000c0001aa000 RDI: 0000000000000006
[ 68.024497][ T8388] R13: ffffc9000167fdc8 R14: ffffea0000000000 R15: ffff8880ffffea00
[ 68.032449][ T8379] RBP: 000000c00047b878 R08: 0000000000000001 R09: 0000000000000002
[ 68.038513][ T8388] FS: 00007fc886f5f480(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 68.046468][ T8379] R10: 00000000000023a2 R11: 0000000000000212 R12: 000000000000239e
[ 68.051144][ T8388] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 68.059123][ T8379] R13: 0000000000000002 R14: 0000000000000002 R15: 0000000000000002
[ 68.067091][ T8388] CR2: ffffea0003ffff88 CR3: 000000001d331000 CR4: 00000000001506e0
[ 68.075062][ T8379]
[ 68.083022][ T8388] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 68.090986][ T8379] Allocated by task 6375:
[ 68.098943][ T8388] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 68.107880][ T8379]  kasan_save_stack+0x1b/0x40
[ 68.115866][ T8388] Kernel panic - not syncing: Fatal exception
[ 68.122614][ T8379]  __kasan_slab_alloc+0x75/0x90
[ 68.176626][ T8379]  kmem_cache_alloc+0x155/0x370
[ 68.181500][ T8379]  getname_flags.part.0+0x50/0x4f0
[ 68.186622][ T8379]  user_path_at_empty+0xa1/0x100
[ 68.191573][ T8379]  vfs_statx+0x142/0x390
[ 68.195845][ T8379]  __do_sys_newlstat+0x91/0x110
[ 68.200702][ T8379]  do_syscall_64+0x2d/0x70
[ 68.205130][ T8379]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.211042][ T8379]
[ 68.213366][ T8379] The buggy address belongs to the object at ffff888018d30000
[ 68.213366][ T8379]  which belongs to the cache names_cache of size 4096
[ 68.227505][ T8379] The buggy address is located 8 bytes inside of
[ 68.227505][ T8379]  4096-byte region [ffff888018d30000, ffff888018d31000)
[ 68.240710][ T8379] The buggy address belongs to the page:
[ 68.246342][ T8379] page:ffffea0000634c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888018d30000 pfn:0x18d30
[ 68.258862][ T8379] head:ffffea0000634c00 order:3 compound_mapcount:0 compound_pincount:0
[ 68.267222][ T8379] flags: 0xfff00000010200(slab|head)
[ 68.272555][ T8379] raw: 00fff00000010200 ffffea0000b47208 ffffea000063be08 ffff8880109bd140
[ 68.281155][ T8379] raw: ffff888018d30000 0000000000070002 00000001ffffffff 0000000000000000
[ 68.289741][ T8379] page dumped because: kasan: bad access detected
[ 68.296513][ T8379]
[ 68.298835][ T8379] Memory state around the buggy address:
[ 68.304474][ T8379]  ffff888018d2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.312535][ T8379]  ffff888018d2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.320606][ T8379] >ffff888018d30000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.328669][ T8379]                      ^
[ 68.333008][ T8379]  ffff888018d30080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.341184][ T8379]  ffff888018d30100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.349239][ T8379] ==================================================================
[ 68.357797][ T8388] Kernel Offset: disabled
[ 68.362124][ T8388] Rebooting in 86400 seconds..