Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts.
2021/04/21 05:24:23 fuzzer started
2021/04/21 05:24:23 dialing manager at 10.128.0.169:36989
2021/04/21 05:24:23 syscalls: 1690
2021/04/21 05:24:23 code coverage: enabled
2021/04/21 05:24:23 comparison tracing: enabled
2021/04/21 05:24:23 extra coverage: enabled
2021/04/21 05:24:23 setuid sandbox: enabled
2021/04/21 05:24:23 namespace sandbox: enabled
2021/04/21 05:24:23 Android sandbox: /sys/fs/selinux/policy does not exist
2021/04/21 05:24:23 fault injection: enabled
2021/04/21 05:24:23 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/04/21 05:24:23 net packet injection: enabled
2021/04/21 05:24:23 net device setup: enabled
2021/04/21 05:24:23 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/04/21 05:24:23 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/04/21 05:24:23 USB emulation: enabled
2021/04/21 05:24:23 hci packet injection: enabled
2021/04/21 05:24:23 wifi device emulation: enabled
2021/04/21 05:24:23 802.15.4 emulation: enabled
2021/04/21 05:24:23 fetching corpus: 0, signal 0/2000 (executing program)
[ 71.594273][ C1] ==================================================================
[ 71.598832][ T8412] BUG: unable to handle page fault for address: ffffea0003ffff88
[ 71.602670][ C1] BUG: KASAN: use-after-free in skb_try_coalesce+0x1334/0x1440
[ 71.610386][ T8412] #PF: supervisor read access in kernel mode
[ 71.617930][ C1] Write of size 4 at addr ffff88802dab0008 by task syz-fuzzer/8398
[ 71.623984][ T8412] #PF: error_code(0x0000) - not-present page
[ 71.631856][ C1]
[ 71.631866][ C1] CPU: 1 PID: 8398 Comm: syz-fuzzer Not tainted 5.12.0-rc7-syzkaller #0
[ 71.637818][ T8412] PGD 13fff8067
[ 71.640125][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.648424][ T8412] P4D 13fff8067
[ 71.651951][ C1] Call Trace:
[ 71.651965][ C1] dump_stack+0x141/0x1d7
[ 71.661995][ T8412] PUD 13fff7067
[ 71.665529][ C1] ? skb_try_coalesce+0x1334/0x1440
[ 71.668795][ T8412] PMD 0
[ 71.673109][ C1] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 71.676648][ T8412]
[ 71.676657][ T8412] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 71.681828][ C1] ? skb_try_coalesce+0x1334/0x1440
[ 71.684669][ T8412] CPU: 0 PID: 8412 Comm: systemd-sysctl Not tainted 5.12.0-rc7-syzkaller #0
[ 71.691667][ C1] ? skb_try_coalesce+0x1334/0x1440
[ 71.693976][ T8412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.699157][ C1] kasan_report.cold+0x7c/0xd8
[ 71.704533][ T8412] RIP: 0010:qlist_free_all+0x85/0xc0
[ 71.713200][ C1] ? __sanitizer_cov_trace_cmp8+0x61/0x70
[ 71.718376][ T8412] Code: 85 ff 74 3b 4c 89 fe 48 85 ed 48 89 ef 75 cb 48 89 f7 48 89 34 24 e8 2a 52 7b ff 48 8b 34 24 48 c1 e8 0c 48 c1 e0 06 4c 01 f0 <48> 8b 50 08 48 8d 4a ff 83 e2 01 48 0f 45 c1 48 8b 78 18 eb 9b 49
[ 71.728411][ C1] ? skb_try_coalesce+0x1334/0x1440
[ 71.733160][ T8412] RSP: 0018:ffffc900016dfc98 EFLAGS: 00010282
[ 71.739400][ C1] skb_try_coalesce+0x1334/0x1440
[ 71.745095][ T8412]
[ 71.745103][ T8412] RAX: ffffea0003ffff80 RBX: ffff888027db9100 RCX: 0000000000000000
[ 71.765493][ C1] tcp_try_coalesce+0x393/0x920
[ 71.770673][ T8412] RDX: ffff888021258000 RSI: ffff8880ffffea00 RDI: 0000000000000003
[ 71.776742][ C1] ? mark_held_locks+0x9f/0xe0
[ 71.781737][ T8412] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000002e
[ 71.784047][ C1] ? tcp_urg.part.0+0x2d0/0x2d0
[ 71.791998][ T8412] R10: ffffffff813371ca R11: 000000000000003f R12: dffffc0000000000
[ 71.796832][ C1] ? ktime_get+0x38a/0x470
[ 71.804783][ T8412] R13: ffffc900016dfcd0 R14: ffffea0000000000 R15: ffff8880ffffea00
[ 71.809540][ C1] ? lockdep_hardirqs_on+0x79/0x100
[ 71.818452][ T8412] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 71.823290][ C1] tcp_queue_rcv+0x8a/0x6e0
[ 71.831242][ T8412] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 71.835646][ C1] tcp_rcv_established+0x175e/0x1eb0
[ 71.843689][ T8412] CR2: ffffea0003ffff88 CR3: 000000001c6b4000 CR4: 00000000001506f0
[ 71.848887][ C1] ? tcp_data_queue+0x4b10/0x4b10
[ 71.857795][ T8412] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 71.862278][ C1] ? do_raw_spin_lock+0x120/0x2b0
[ 71.870052][ T8412] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 71.875338][ C1] tcp_v4_do_rcv+0x5d1/0x870
[ 71.883291][ T8412] Call Trace:
[ 71.883307][ T8412] kasan_quarantine_reduce+0x180/0x200
[ 71.888317][ C1] tcp_v4_rcv+0x3298/0x3950
[ 71.896533][ T8412] __kasan_slab_alloc+0x7f/0x90
[ 71.901548][ C1] ? tcp_v4_early_demux+0x8f0/0x8f0
[ 71.909504][ T8412] kmem_cache_alloc+0x155/0x370
[ 71.914079][ C1] ? lock_release+0x720/0x720
[ 71.917359][ T8412] getname_flags.part.0+0x50/0x4f0
[ 71.922796][ C1] ip_protocol_deliver_rcu+0x5c/0xa20
[ 71.927277][ T8412] getname+0x8e/0xd0
[ 71.932108][ C1] ip_local_deliver_finish+0x20a/0x370
[ 71.937279][ T8412] do_sys_openat2+0xf5/0x420
[ 71.942112][ C1] ip_local_deliver+0x1b3/0x200
[ 71.946782][ T8412] ? build_open_flags+0x6f0/0x6f0
[ 71.951869][ C1] ip_sublist_rcv_finish+0x9a/0x2c0
[ 71.957483][ T8412] ? __context_tracking_exit+0xb8/0xe0
[ 71.961384][ C1] ip_list_rcv_finish.constprop.0+0x51e/0x6e0
[ 71.966820][ T8412] __x64_sys_open+0x119/0x1c0
[ 71.971389][ C1] ? ip_rcv_finish_core.constprop.0+0x1e70/0x1e70
[ 71.976232][ T8412] ? do_sys_open+0x140/0x140
[ 71.981228][ C1] ? ip_list_rcv_finish.constprop.0+0x6e0/0x6e0
[ 71.986408][ T8412] ? __secure_computing+0x104/0x360
[ 71.991860][ C1] ? ip_rcv_core+0x867/0xcb0
[ 71.997988][ T8412] do_syscall_64+0x2d/0x70
[ 72.002655][ C1] ip_list_rcv+0x34e/0x490
[ 72.009046][ T8412] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.013610][ C1] ? ip_rcv+0xd0/0xd0
[ 72.019829][ T8412] RIP: 0033:0x7f389a44b1b7
[ 72.025026][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.025058][ C1] ? find_held_lock+0x2d/0x110
[ 72.029635][ T8412] Code: f3 c3 90 f7 d8 89 05 88 bf 20 00 b8 ff ff ff ff c3 66 90 c7 05 76 bf 20 00 16 00 00 00 b8 ff ff ff ff c3 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d 59 bf 20 00 f7 d8 89 01 48 83
[ 72.034024][ C1] ? ip_rcv+0xd0/0xd0
[ 72.038420][ T8412] RSP: 002b:00007ffdb76c7148 EFLAGS: 00000246
[ 72.044293][ C1] __netif_receive_skb_list_core+0x549/0x8e0
[ 72.048248][ T8412] ORIG_RAX: 0000000000000002
[ 72.052644][ C1] ? process_backlog+0x6c0/0x6c0
[ 72.058598][ T8412] RAX: ffffffffffffffda RBX: 00007ffdb76c7230 RCX: 00007f389a44b1b7
[ 72.063339][ C1] ? ktime_get_with_offset+0x3f2/0x500
[ 72.083023][ T8412] RDX: 00007f389a657170 RSI: 0000000000080000 RDI: 00007f389a6534d8
[ 72.086993][ C1] ? lockdep_hardirqs_on+0x79/0x100
[ 72.093062][ T8412] RBP: 00007ffdb76c71a0 R08: 0000000000000000 R09: 00007ffdb76c721f
[ 72.099028][ C1] netif_receive_skb_list_internal+0x777/0xd70
[ 72.103695][ T8412] R10: 00007ffdb76c7230 R11: 0000000000000246 R12: 00007f389a657170
[ 72.108647][ C1] ? __netif_receive_skb_list_core+0x8e0/0x8e0
[ 72.116605][ T8412] R13: 0000000000000000 R14: 00007ffdb76c721f R15: 0000000000000000
[ 72.122047][ C1] ? xdp_linearize_page+0x840/0x840
[ 72.130009][ T8412] Modules linked in:
[ 72.135176][ C1] ? detach_buf_split+0x599/0x7b0
[ 72.143127][ T8412]
[ 72.143139][ T8412] CR2: ffffea0003ffff88
[ 72.149263][ C1] napi_complete_done+0x1f1/0x880
[ 72.157220][ T8412] ---[ end trace 1adb9b22f0144dae ]---
[ 72.163383][ C1] virtqueue_napi_complete+0x2c/0xc0
[ 72.171444][ T8412] RIP: 0010:qlist_free_all+0x85/0xc0
[ 72.176636][ C1] virtnet_poll+0xbbb/0x10b0
[ 72.180510][ T8412] Code: 85 ff 74 3b 4c 89 fe 48 85 ed 48 89 ef 75 cb 48 89 f7 48 89 34 24 e8 2a 52 7b ff 48 8b 34 24 48 c1 e8 0c 48 c1 e0 06 4c 01 f0 <48> 8b 50 08 48 8d 4a ff 83 e2 01 48 0f 45 c1 48 8b 78 18 eb 9b 49
[ 72.185529][ C1] ? receive_buf+0x6220/0x6220
[ 72.187843][ T8412] RSP: 0018:ffffc900016dfc98 EFLAGS: 00010282
[ 72.191981][ C1] __napi_poll+0xaf/0x440
[ 72.196981][ T8412]
[ 72.196989][ T8412] RAX: ffffea0003ffff80 RBX: ffff888027db9100 RCX: 0000000000000000
[ 72.202417][ C1] net_rx_action+0x801/0xb40
[ 72.207688][ T8412] RDX: ffff888021258000 RSI: ffff8880ffffea00 RDI: 0000000000000003
[ 72.212950][ C1] ? napi_threaded_poll+0x5b0/0x5b0
[ 72.217511][ T8412] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000002e
[ 72.237107][ C1] ? sched_clock_cpu+0x18/0x1f0
[ 72.241861][ T8412] R10: ffffffff813371ca R11: 000000000000003f R12: dffffc0000000000
[ 72.247911][ C1] __do_softirq+0x29b/0x9f6
[ 72.252243][ T8412] R13: ffffc900016dfcd0 R14: ffffea0000000000 R15: ffff8880ffffea00
[ 72.254573][ C1] irq_exit_rcu+0x134/0x200
[ 72.262621][ T8412] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 72.267212][ C1] common_interrupt+0x51/0xd0
[ 72.275279][ T8412] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.280455][ C1] ? asm_common_interrupt+0x8/0x40
[ 72.288408][ T8412] CR2: ffffea0003ffff88 CR3: 000000001c6b4000 CR4: 00000000001506f0
[ 72.293246][ C1] asm_common_interrupt+0x1e/0x40
[ 72.301201][ T8412] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 72.305683][ C1] RIP: 0033:0x6324a5
[ 72.313630][ T8412] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 72.318373][ C1] Code: 4c c3 08 4a 8b 1c c3 41 89 c0 c1 e8 09 23 82 20 08 00 00 48 39 c8 0f 83 ce 00 00 00 8b 1c 83 41 89 d9 83 e3 0f 48 39 df 73 0a <48> 89 5c 24 38 e9 d2 fe ff ff 48 85 db 75 76 44 89 46 18 48 89 7e
[ 72.327283][ T8412] Kernel panic - not syncing: Fatal exception
[ 72.331942][ C1] RSP: 002b:000000c00019bac0 EFLAGS: 00000206
[ 72.409390][ C1] RAX: 000000c000340028 RBX: 000000000000000c RCX: 000000c0000ab200
[ 72.417393][ C1] RDX: 000000c000340028 RSI: 000000c000340000 RDI: 0000000000000007
[ 72.425367][ C1] RBP: 000000c00019bb08 R08: 000000000000003d R09: 000000000000009f
[ 72.433339][ C1] R10: 00000000000005ab R11: 0000000000001f1a R12: ffffffffffffffff
[ 72.441309][ C1] R13: 0000000000002000 R14: 0000000000000004 R15: 0000000000000002
[ 72.449289][ C1]
[ 72.451621][ C1] Allocated by task 6366:
[ 72.455935][ C1] kasan_save_stack+0x1b/0x40
[ 72.460722][ C1] __kasan_slab_alloc+0x75/0x90
[ 72.465581][ C1] kmem_cache_alloc+0x155/0x370
[ 72.470521][ C1] getname_flags.part.0+0x50/0x4f0
[ 72.475640][ C1] user_path_at_empty+0xa1/0x100
[ 72.480578][ C1] vfs_statx+0x142/0x390
[ 72.484821][ C1] __do_sys_newlstat+0x91/0x110
[ 72.489774][ C1] do_syscall_64+0x2d/0x70
[ 72.494370][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.500280][ C1]
[ 72.502602][ C1] The buggy address belongs to the object at ffff88802dab0000
[ 72.502602][ C1] which belongs to the cache names_cache of size 4096
[ 72.516743][ C1] The buggy address is located 8 bytes inside of
[ 72.516743][ C1] 4096-byte region [ffff88802dab0000, ffff88802dab1000)
[ 72.529938][ C1] The buggy address belongs to the page:
[ 72.535610][ C1] page:ffffea0000b6ac00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802dab0000 pfn:0x2dab0
[ 72.547082][ C1] head:ffffea0000b6ac00 order:3 compound_mapcount:0 compound_pincount:0
[ 72.556114][ C1] flags: 0xfff00000010200(slab|head)
[ 72.561427][ C1] raw: 00fff00000010200 ffffea00009e5600 0000000300000003 ffff8880109bd140
[ 72.570018][ C1] raw: ffff88802dab0000 0000000080070005 00000001ffffffff 0000000000000000
[ 72.578602][ C1] page dumped because: kasan: bad access detected
[ 72.585014][ C1]
[ 72.587425][ C1] Memory state around the buggy address:
[ 72.593051][ C1] ffff88802daaff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 72.601135][ C1] ffff88802daaff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 72.609204][ C1] >ffff88802dab0000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.617266][ C1] ^
[ 72.621596][ C1] ffff88802dab0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.629670][ C1] ffff88802dab0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.637744][ C1] ==================================================================
[ 72.646290][ T8412] Kernel Offset: disabled
[ 72.650749][ T8412] Rebooting in 86400 seconds..