Warning: Permanently added '10.128.1.57' (ECDSA) to the list of known hosts.
2021/04/29 06:08:14 fuzzer started
2021/04/29 06:08:15 dialing manager at 10.128.0.169:44661
2021/04/29 06:08:15 syscalls: 3571
2021/04/29 06:08:15 code coverage: enabled
2021/04/29 06:08:15 comparison tracing: enabled
2021/04/29 06:08:15 extra coverage: enabled
2021/04/29 06:08:15 setuid sandbox: enabled
2021/04/29 06:08:15 namespace sandbox: enabled
2021/04/29 06:08:15 Android sandbox: /sys/fs/selinux/policy does not exist
2021/04/29 06:08:15 fault injection: enabled
2021/04/29 06:08:15 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/04/29 06:08:15 net packet injection: enabled
2021/04/29 06:08:15 net device setup: enabled
2021/04/29 06:08:15 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/04/29 06:08:15 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/04/29 06:08:15 USB emulation: enabled
2021/04/29 06:08:15 hci packet injection: enabled
2021/04/29 06:08:15 wifi device emulation: enabled
2021/04/29 06:08:15 802.15.4 emulation: enabled
2021/04/29 06:08:15 fetching corpus: 0, signal 0/2000 (executing program)
2021/04/29 06:08:15 fetching corpus: 50, signal 59391/63097 (executing program)
2021/04/29 06:08:15 fetching corpus: 100, signal 89270/94566 (executing program)
2021/04/29 06:08:16 fetching corpus: 150, signal 116957/123702 (executing program)
2021/04/29 06:08:16 fetching corpus: 200, signal 139364/147468 (executing program)
syzkaller login: [ 70.754392][ T8] BUG: unable to handle page fault for address: ffffffff0000368e
[ 70.762166][ T8] #PF: supervisor read access in kernel mode
[ 70.768148][ T8] #PF: error_code(0x0000) - not-present page
[ 70.774108][ T8] PGD bc8f067 P4D bc8f067 PUD 0
[ 70.779035][ T8] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 70.784237][ T8] CPU: 0 PID: 8 Comm: kworker/0:2 Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
[ 70.793611][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
2021/04/29 06:08:16 fetching corpus: 250, signal 154635/164110 (executing program)
[ 70.803660][ T8] Workqueue: events_power_efficient crda_timeout_work
[ 70.810441][ T8] RIP: 0010:restore_regulatory_settings+0x73c/0x1780
[ 70.817136][ T8] Code: 26 f9 48 8b 04 24 48 8d b8 48 06 00 00 48 89 f8 48 c1 e8 03 0f b6 04 18 84 c0 74 08 3c 03 0f 8e 6f 0d 00 00 48 8b 04 24 31 ff <8b> a8 48 06 00 00 41 89 ec 41 81 e4 80 00 00 00 44 89 e6 e8 8c fd
[ 70.836757][ T8] RSP: 0018:ffffc90000cd7c30 EFLAGS: 00010246
[ 70.842835][ T8] RAX: ffffffff00003046 RBX: dffffc0000000000 RCX: 0000000000000000
[ 70.850818][ T8] RDX: ffff888012325580 RSI: ffffffff884e0354 RDI: 0000000000000000
[ 70.858823][ T8] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff902078c7
[ 70.866796][ T8] R10: ffffffff884e03ae R11: 0000000000000030 R12: 0000000000000000
[ 70.874771][ T8] R13: dead000000000100 R14: ffffffff8d99a940 R15: ffffffff8d99a940
[ 70.882745][ T8] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 70.891665][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 70.898254][ T8] CR2: ffffffff0000368e CR3: 00000000145b9000 CR4: 00000000001506f0
[ 70.906226][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 70.914183][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 70.922157][ T8] Call Trace:
[ 70.925434][ T8] ? set_regdom+0xf00/0xf00
[ 70.929959][ T8] crda_timeout_work+0x2c/0x50
[ 70.934734][ T8] process_one_work+0x98d/0x1600
[ 70.939689][ T8] ? pwq_dec_nr_in_flight+0x320/0x320
[ 70.940027][ C1] ==================================================================
[ 70.945071][ T8] ? rwlock_bug.part.0+0x90/0x90
[ 70.953121][ C1] BUG: KASAN: use-after-free in skb_try_coalesce+0x1335/0x1440
[ 70.958031][ T8] ? _raw_spin_lock_irq+0x41/0x50
[ 70.965549][ C1] Write of size 4 at addr ffff88801c460008 by task syz-fuzzer/8422
[ 70.970546][ T8] worker_thread+0x64c/0x1120
[ 70.978410][ C1]
[ 70.978418][ C1] CPU: 1 PID: 8422 Comm: syz-fuzzer Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
[ 70.983065][ T8] ? __kthread_parkme+0x13f/0x1e0
[ 70.985385][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.994897][ T8] ? process_one_work+0x1600/0x1600
[ 70.999898][ C1] Call Trace:
[ 70.999909][ C1] dump_stack+0x141/0x1d7
[ 71.009929][ T8] kthread+0x3b1/0x4a0
[ 71.015101][ C1] ? skb_try_coalesce+0x1335/0x1440
[ 71.018364][ T8] ? __kthread_bind_mask+0xc0/0xc0
[ 71.022680][ C1] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 71.026725][ T8] ret_from_fork+0x1f/0x30
[ 71.031898][ C1] ? skb_try_coalesce+0x1335/0x1440
[ 71.036988][ T8] Modules linked in:
[ 71.043982][ C1] ? skb_try_coalesce+0x1335/0x1440
[ 71.048381][ T8]
[ 71.048390][ T8] CR2: ffffffff0000368e
[ 71.053555][ C1] kasan_report.cold+0x7c/0xd8
[ 71.057436][ T8] ---[ end trace 90075a34672ec380 ]---
[ 71.062606][ C1] ? __sanitizer_cov_trace_cmp8+0x51/0x70
[ 71.064912][ T8] RIP: 0010:restore_regulatory_settings+0x73c/0x1780
[ 71.069045][ C1] ? skb_try_coalesce+0x1335/0x1440
[ 71.073783][ T8] Code: 26 f9 48 8b 04 24 48 8d b8 48 06 00 00 48 89 f8 48 c1 e8 03 0f b6 04 18 84 c0 74 08 3c 03 0f 8e 6f 0d 00 00 48 8b 04 24 31 ff <8b> a8 48 06 00 00 41 89 ec 41 81 e4 80 00 00 00 44 89 e6 e8 8c fd
[ 71.079218][ C1] skb_try_coalesce+0x1335/0x1440
[ 71.084914][ T8] RSP: 0018:ffffc90000cd7c30 EFLAGS: 00010246
[ 71.091571][ C1] tcp_try_coalesce+0x393/0x920
[ 71.096737][ T8]
[ 71.096743][ T8] RAX: ffffffff00003046 RBX: dffffc0000000000 RCX: 0000000000000000
[ 71.116323][ C1] ? tcp_urg.part.0+0x2d0/0x2d0
[ 71.121328][ T8] RDX: ffff888012325580 RSI: ffffffff884e0354 RDI: 0000000000000000
[ 71.127371][ C1] ? rcu_read_lock_sched_held+0xd/0x70
[ 71.132196][ T8] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff902078c7
[ 71.134503][ C1] ? lock_release+0x522/0x720
[ 71.142450][ T8] R10: ffffffff884e03ae R11: 0000000000000030 R12: 0000000000000000
[ 71.147278][ C1] ? ktime_get+0x38a/0x470
[ 71.155231][ T8] R13: dead000000000100 R14: ffffffff8d99a940 R15: ffffffff8d99a940
[ 71.160662][ C1] ? trace_hardirqs_on+0x5b/0x1c0
[ 71.168616][ T8] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 71.173284][ C1] tcp_queue_rcv+0x8a/0x6e0
[ 71.181236][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 71.185644][ C1] tcp_rcv_established+0x1756/0x1eb0
[ 71.193594][ T8] CR2: ffffffff0000368e CR3: 00000000145b9000 CR4: 00000000001506f0
[ 71.198597][ C1] ? tcp_data_queue+0x4b10/0x4b10
[ 71.207499][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 71.211980][ C1] ? do_raw_spin_lock+0x120/0x2b0
[ 71.218539][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 71.223812][ C1] tcp_v4_do_rcv+0x5d1/0x870
[ 71.231769][ T8] Kernel panic - not syncing: Fatal exception
[ 71.236771][ C1] tcp_v4_rcv+0x3298/0x3950
[ 71.272745][ C1] ? tcp_v4_early_demux+0x8f0/0x8f0
[ 71.278116][ C1] ? lock_release+0x720/0x720
[ 71.282789][ C1] ? nf_hook.constprop.0+0x3e8/0x650
[ 71.288069][ C1] ? ip_protocol_deliver_rcu+0xa20/0xa20
[ 71.293702][ C1] ip_protocol_deliver_rcu+0xa7/0xa20
[ 71.299073][ C1] ip_local_deliver_finish+0x20a/0x370
[ 71.304533][ C1] ip_local_deliver+0x1b3/0x200
[ 71.309386][ C1] ip_sublist_rcv_finish+0x9a/0x2c0
[ 71.314582][ C1] ip_list_rcv_finish.constprop.0+0x51e/0x6e0
[ 71.320650][ C1] ? ip_rcv_finish_core.constprop.0+0x1e80/0x1e80
[ 71.327061][ C1] ? ip_list_rcv_finish.constprop.0+0x6e0/0x6e0
[ 71.333303][ C1] ? ip_rcv_core+0x867/0xcb0
[ 71.337902][ C1] ip_list_rcv+0x34e/0x490
[ 71.342331][ C1] ? ip_rcv+0xd0/0xd0
[ 71.346309][ C1] ? ip_rcv+0xd0/0xd0
[ 71.350286][ C1] __netif_receive_skb_list_core+0x549/0x8e0
[ 71.356276][ C1] ? lock_acquire+0x58a/0x740
[ 71.360950][ C1] ? process_backlog+0x6c0/0x6c0
[ 71.365893][ C1] ? ktime_get_with_offset+0x3f2/0x500
[ 71.371352][ C1] netif_receive_skb_list_internal+0x75e/0xd80
[ 71.377511][ C1] ? __netif_receive_skb_list_core+0x8e0/0x8e0
[ 71.383793][ C1] ? virtqueue_get_buf_ctx_split+0x423/0x5f0
[ 71.389783][ C1] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 71.396039][ C1] ? detach_buf_split+0x599/0x7b0
[ 71.401083][ C1] ? __sanitizer_cov_trace_cmp2+0x22/0x80
[ 71.406808][ C1] napi_complete_done+0x1f1/0x880
[ 71.411835][ C1] virtnet_poll+0xbeb/0x1180
[ 71.416437][ C1] ? receive_buf+0x6250/0x6250
[ 71.421199][ C1] ? rcu_read_lock_sched_held+0xd/0x70
[ 71.426670][ C1] ? lock_acquire+0x58a/0x740
[ 71.431358][ C1] __napi_poll+0xaf/0x440
[ 71.435683][ C1] net_rx_action+0x801/0xb40
[ 71.440268][ C1] ? napi_threaded_poll+0x5b0/0x5b0
[ 71.445460][ C1] ? sched_clock_cpu+0x18/0x1f0
[ 71.450335][ C1] __do_softirq+0x29b/0x9fe
[ 71.454852][ C1] __irq_exit_rcu+0x136/0x200
[ 71.459523][ C1] irq_exit_rcu+0x5/0x20
[ 71.463759][ C1] common_interrupt+0x51/0xd0
[ 71.468434][ C1] ? asm_common_interrupt+0x8/0x40
[ 71.473546][ C1] asm_common_interrupt+0x1e/0x40
[ 71.478577][ C1] RIP: 0033:0x632320
[ 71.482461][ C1] Code: 48 8b 6c 24 30 48 83 c4 38 90 c3 e8 1a 85 e3 ff e9 15 ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <64> 48 8b 0c 25 f8 ff ff ff 48 3b 61 10 0f 86 40 02 00 00 48 83 ec
[ 71.502061][ C1] RSP: 002b:000000c0000a1ae8 EFLAGS: 00000282
[ 71.508116][ C1] RAX: 000000c000336028 RBX: 000000c000336000 RCX: 00000000000077ec
[ 71.516075][ C1] RDX: 000000c000336000 RSI: 0000000000008000 RDI: 000000000000000b
[ 71.524044][ C1] RBP: 000000c0000a1b68 R08: 0000000000000073 R09: 0000000000000099
[ 71.532014][ C1] R10: 00000000000077d0 R11: 0000000000007227 R12: 00000000000077cc
[ 71.539971][ C1] R13: 0000000000000200 R14: 0000000000000020 R15: 0000000000000004
[ 71.547934][ C1]
[ 71.550241][ C1] Allocated by task 135:
[ 71.554463][ C1] kasan_save_stack+0x1b/0x40
[ 71.559147][ C1] __kasan_slab_alloc+0x84/0xa0
[ 71.563985][ C1] kmem_cache_alloc_node+0x269/0x3e0
[ 71.569275][ C1] blk_alloc_queue+0x28/0x700
[ 71.573948][ C1] blk_mq_init_queue+0x44/0xd0
[ 71.578701][ C1] scsi_mq_alloc_queue+0x3e/0x170
[ 71.583720][ C1] scsi_alloc_sdev+0x7ba/0xcf0
[ 71.588478][ C1] scsi_probe_and_add_lun+0x1f77/0x34e0
[ 71.594014][ C1] __scsi_scan_target+0x21f/0xdb0
[ 71.599089][ C1] scsi_scan_channel+0x148/0x1e0
[ 71.604031][ C1] scsi_scan_host_selected+0x2df/0x3b0
[ 71.609489][ C1] do_scsi_scan_host+0x1e8/0x260
[ 71.614429][ C1] do_scan_async+0x3e/0x500
[ 71.618928][ C1] async_run_entry_fn+0x9d/0x550
[ 71.623859][ C1] process_one_work+0x98d/0x1600
[ 71.628793][ C1] worker_thread+0x64c/0x1120
[ 71.633464][ C1] kthread+0x3b1/0x4a0
[ 71.637521][ C1] ret_from_fork+0x1f/0x30
[ 71.641931][ C1]
[ 71.644240][ C1] Last potentially related work creation:
[ 71.649932][ C1] kasan_save_stack+0x1b/0x40
[ 71.654609][ C1] kasan_record_aux_stack+0xe5/0x110
[ 71.659885][ C1] call_rcu+0xb1/0x750
[ 71.663943][ C1] kobject_put+0x1c8/0x540
[ 71.668365][ C1] scsi_device_dev_release_usercontext+0x5d6/0xd50
[ 71.674860][ C1] execute_in_process_context+0x37/0x150
[ 71.680503][ C1] device_release+0x9f/0x240
[ 71.685083][ C1] kobject_put+0x1c8/0x540
[ 71.689493][ C1] put_device+0x1b/0x30
[ 71.693639][ C1] __scsi_remove_device+0x1dd/0x3d0
[ 71.698835][ C1] scsi_probe_and_add_lun+0x25d2/0x34e0
[ 71.704373][ C1] __scsi_scan_target+0x21f/0xdb0
[ 71.709388][ C1] scsi_scan_channel+0x148/0x1e0
[ 71.714329][ C1] scsi_scan_host_selected+0x2df/0x3b0
[ 71.719799][ C1] do_scsi_scan_host+0x1e8/0x260
[ 71.724731][ C1] do_scan_async+0x3e/0x500
[ 71.729228][ C1] async_run_entry_fn+0x9d/0x550
[ 71.734154][ C1] process_one_work+0x98d/0x1600
[ 71.739088][ C1] worker_thread+0x64c/0x1120
[ 71.743756][ C1] kthread+0x3b1/0x4a0
[ 71.747812][ C1] ret_from_fork+0x1f/0x30
[ 71.752222][ C1]
[ 71.754530][ C1] The buggy address belongs to the object at ffff88801c460000
[ 71.754530][ C1]  which belongs to the cache request_queue of size 3424
[ 71.768827][ C1] The buggy address is located 8 bytes inside of
[ 71.768827][ C1]  3424-byte region [ffff88801c460000, ffff88801c460d60)
[ 71.782000][ C1] The buggy address belongs to the page:
[ 71.787609][ C1] page:ffffea0000711800 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801c466f00 pfn:0x1c460
[ 71.799075][ C1] head:ffffea0000711800 order:3 compound_mapcount:0 compound_pincount:0
[ 71.807381][ C1] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 71.815359][ C1] raw: 00fff00000010200 ffffea000070f408 ffff88801570e948 ffff888140c56000
[ 71.823936][ C1] raw: ffff88801c466f00 0000000000090000 00000001ffffffff 0000000000000000
[ 71.832499][ C1] page dumped because: kasan: bad access detected
[ 71.838899][ C1]
[ 71.841206][ C1] Memory state around the buggy address:
[ 71.846819][ C1]  ffff88801c45ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 71.854881][ C1]  ffff88801c45ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 71.862928][ C1] >ffff88801c460000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.870973][ C1]                        ^
[ 71.875282][ C1]  ffff88801c460080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.883328][ C1]  ffff88801c460100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.891371][ C1] ==================================================================
[ 71.900187][ T8] Kernel Offset: disabled
[ 71.904508][ T8] Rebooting in 86400 seconds..
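The console log above carries two reports interleaved by CPU: the `[ T8]` stream is a page-fault oops in `restore_regulatory_settings` running from `crda_timeout_work`, and the `[ C1]` stream is a KASAN use-after-free in `skb_try_coalesce` on the TCP receive path of `syz-fuzzer/8422`, where the 4-byte write at `ffff88801c460008` lands 8 bytes into a 3424-byte `request_queue` object that SCSI LUN probing allocated and later released through `scsi_device_dev_release_usercontext` and `call_rcu`. Extraction has also run the records together onto a few long lines. The parser below is an added example for reading logs of this shape; it is not part of syzkaller or of the kernel output. It splits the flattened text back into records at each dmesg `[ts][tag]` prefix or syz-fuzzer timestamp, regroups the kernel records by task tag, and pulls out the facts a triager reads first: fault address and RIP for the oops; access kind, size, address, owning slab object, cache and in-object offset for the KASAN report; and each `Call Trace:` / `Allocated by` / `Last potentially related work creation:` stack as a frame list. The `SAMPLE` constant is an abbreviated excerpt of the log above, flattened the same way; the regular expressions are assumptions fitted to the line formats visible here, not a general syzkaller log grammar.

```python
"""Split a run-together syzkaller console log back into per-CPU record
streams and summarize the oops / KASAN report it contains.

Added example for reading logs like the one above; not syzkaller code.
Patterns are assumptions fitted to the line formats visible in that log."""
import re
from collections import defaultdict

# Record boundaries: a dmesg prefix "[ 70.754392][ T8]" or a syz-fuzzer
# timestamp "2021/04/29 06:08:15". Zero-width lookaheads keep each prefix
# attached to its own record when we split (needs Python >= 3.7).
RECORD_START = re.compile(
    r"(?=\[\s*\d+\.\d+\]\[\s*[TC]\d+\])|(?=\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} )"
)
DMESG = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\[\s*(?P<tag>[TC]\d+)\]\s?(?P<msg>.*)$")
FUZZER = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} ")

# Headline facts, matched against a single record's message text.
KASAN_BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\S+)")
KASAN_ACCESS = re.compile(
    r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)"
)
KASAN_OBJECT = re.compile(r"belongs to the object at (?P<obj>[0-9a-f]+)")
KASAN_CACHE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<objsize>\d+)")
OOPS = re.compile(r"BUG: unable to handle page fault for address: (?P<addr>[0-9a-f]+)")
RIP = re.compile(r"RIP: 0010:(?P<sym>\S+)")
STACK_HEADER = re.compile(
    r"^(Call Trace:|Allocated by task \d+:|Freed by task \d+:|Last potentially related work creation:)$"
)
FRAME = re.compile(r"^(\? )?[\w.]+\+0x[0-9a-f]+/0x[0-9a-f]+$")

# Abbreviated excerpt of the log above, run together onto one line the way the
# extracted page has it. Nothing here is invented; records were only dropped.
SAMPLE = (
    "2021/04/29 06:08:16 fetching corpus: 200, signal 139364/147468 (executing program) "
    "syzkaller login: [ 70.754392][ T8] BUG: unable to handle page fault for address: ffffffff0000368e "
    "[ 70.762166][ T8] #PF: supervisor read access in kernel mode "
    "[ 70.810441][ T8] RIP: 0010:restore_regulatory_settings+0x73c/0x1780 "
    "[ 70.922157][ T8] Call Trace: "
    "[ 70.925434][ T8] ? set_regdom+0xf00/0xf00 "
    "[ 70.929959][ T8] crda_timeout_work+0x2c/0x50 "
    "[ 70.940027][ C1] ================================================================== "
    "[ 70.945071][ T8] ? rwlock_bug.part.0+0x90/0x90 "
    "[ 70.953121][ C1] BUG: KASAN: use-after-free in skb_try_coalesce+0x1335/0x1440 "
    "[ 70.965549][ C1] Write of size 4 at addr ffff88801c460008 by task syz-fuzzer/8422 "
    "[ 70.970546][ T8] worker_thread+0x64c/0x1120 "
    "[ 70.999898][ C1] Call Trace: "
    "[ 70.999909][ C1] dump_stack+0x141/0x1d7 "
    "[ 71.048381][ T8] "
    "[ 71.079218][ C1] skb_try_coalesce+0x1335/0x1440 "
    "[ 71.091571][ C1] tcp_try_coalesce+0x393/0x920 "
    "[ 71.231769][ T8] Kernel panic - not syncing: Fatal exception "
    "[ 71.547934][ C1] "
    "[ 71.550241][ C1] Allocated by task 135: "
    "[ 71.554463][ C1] kasan_save_stack+0x1b/0x40 "
    "[ 71.569275][ C1] blk_alloc_queue+0x28/0x700 "
    "[ 71.641931][ C1] "
    "[ 71.754530][ C1] The buggy address belongs to the object at ffff88801c460000 "
    "[ 71.754530][ C1] which belongs to the cache request_queue of size 3424 "
)


def split_records(text):
    """Cut the flattened text at every record prefix; drop empty pieces."""
    return [p.strip() for p in RECORD_START.split(text) if p.strip()]


def parse(text):
    """Return (fuzzer_records, other_records, {tag: [(ts, msg), ...]}).

    Console text that has no prefix of its own (the 'syzkaller login:' prompt)
    stays glued to the record it followed; only prefixed records are split."""
    fuzzer, other, kernel = [], [], defaultdict(list)
    for rec in split_records(text):
        m = DMESG.match(rec)
        if m:
            kernel[m["tag"]].append((float(m["ts"]), m["msg"].strip()))
        elif FUZZER.match(rec):
            fuzzer.append(rec)
        else:
            other.append(rec)
    return fuzzer, other, dict(kernel)


def summarize(stream):
    """Headline facts from one CPU/task stream; the first match of each wins."""
    facts = {}
    for _, msg in stream:
        for key, rx in (("kasan", KASAN_BUG), ("access", KASAN_ACCESS),
                        ("object", KASAN_OBJECT), ("cache", KASAN_CACHE),
                        ("oops", OOPS), ("rip", RIP)):
            m = rx.search(msg)
            if m and key not in facts:
                facts[key] = m.groupdict()
    if "access" in facts and "object" in facts:
        # Byte offset of the bad access into the slab object it hit.
        facts["offset"] = int(facts["access"]["addr"], 16) - int(facts["object"]["obj"], 16)
    return facts


def stacks(stream):
    """Collect each stack section (header -> frame list) from one stream.
    A blank or non-frame line ends the section, as in the kernel's layout."""
    sections, current = {}, None
    for _, msg in stream:
        if STACK_HEADER.match(msg):
            current = sections.setdefault(msg, [])
        elif current is not None and FRAME.match(msg):
            current.append(msg)
        else:
            current = None
    return sections


if __name__ == "__main__":
    _, _, streams = parse(SAMPLE)
    for tag, stream in streams.items():
        print(tag, summarize(stream))
        for header, frames in stacks(stream).items():
            print("   ", header, frames)
```

Feed the whole log to `parse()` instead of `SAMPLE` and the `C1` summary gives the access, object and cache lines in one place while `stacks()` returns the allocation and RCU-release stacks separately from the receive-path `Call Trace:`; the `?` markers are kept on frames the unwinder flagged as unreliable, so they are not mistaken for confirmed callers.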