Warning: Permanently added '10.128.1.124' (ECDSA) to the list of known hosts.
2021/05/01 22:54:55 fuzzer started
2021/05/01 22:54:56 dialing manager at 10.128.0.169:44661
2021/05/01 22:54:56 syscalls: 3571
2021/05/01 22:54:56 code coverage: enabled
2021/05/01 22:54:56 comparison tracing: enabled
2021/05/01 22:54:56 extra coverage: enabled
2021/05/01 22:54:56 setuid sandbox: enabled
2021/05/01 22:54:56 namespace sandbox: enabled
2021/05/01 22:54:56 Android sandbox: /sys/fs/selinux/policy does not exist
2021/05/01 22:54:56 fault injection: enabled
2021/05/01 22:54:56 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/05/01 22:54:56 net packet injection: enabled
2021/05/01 22:54:56 net device setup: enabled
2021/05/01 22:54:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/05/01 22:54:56 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/05/01 22:54:56 USB emulation: enabled
2021/05/01 22:54:56 hci packet injection: enabled
2021/05/01 22:54:56 wifi device emulation: enabled
2021/05/01 22:54:56 802.15.4 emulation: enabled
2021/05/01 22:54:56 fetching corpus: 0, signal 0/2000 (executing program)
syzkaller login: [ 66.160627][ C1] ==================================================================
[ 66.162704][ T8433] BUG: unable to handle page fault for address: ffffea0003ffff88
[ 66.168877][ C1] BUG: KASAN: use-after-free in skb_try_coalesce+0x1335/0x1440
[ 66.176610][ T8433] #PF: supervisor read access in kernel mode
[ 66.176623][ T8433] #PF: error_code(0x0000) - not-present page
[ 66.184130][ C1] Write of size 4 at addr ffff88802f2d0008 by task syz-fuzzer/8425
[ 66.190082][ T8433] PGD 13fff8067 P4D 13fff8067
[ 66.196037][ C1]
[ 66.196046][ C1] CPU: 1 PID: 8425 Comm: syz-fuzzer Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
[ 66.203899][ T8433] PUD 13fff7067 PMD 0
[ 66.208665][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.210981][ T8433]
[ 66.210987][ T8433] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 66.220510][ C1] Call Trace:
[ 66.224549][ T8433] CPU: 0 PID: 8433 Comm: systemd-udevd Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
[ 66.234585][ C1] dump_stack+0x141/0x1d7
[ 66.236899][ T8433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.242075][ C1] ? skb_try_coalesce+0x1335/0x1440
[ 66.245336][ T8433] RIP: 0010:qlist_free_all+0x85/0xc0
[ 66.255107][ C1] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 66.259412][ T8433] Code: 85 ff 74 3b 4c 89 fe 48 85 ed 48 89 ef 75 cb 48 89 f7 48 89 34 24 e8 4a 2e 7a ff 48 8b 34 24 48 c1 e8 0c 48 c1 e0 06 4c 01 f0 <48> 8b 50 08 48 8d 4a ff 83 e2 01 48 0f 45 c1 48 8b 78 18 eb 9b 49
[ 66.269446][ C1] ? skb_try_coalesce+0x1335/0x1440
[ 66.274788][ T8433] RSP: 0018:ffffc9000168f9f0 EFLAGS: 00010282
[ 66.280047][ C1] ? skb_try_coalesce+0x1335/0x1440
[ 66.287041][ T8433]
[ 66.287047][ T8433] RAX: ffffea0003ffff80 RBX: ffff88802b358000 RCX: 0000000000000000
[ 66.306622][ C1] kasan_report.cold+0x7c/0xd8
[ 66.311794][ T8433] RDX: ffff888025055580 RSI: ffff8880ffffea00 RDI: 0000000000000003
[ 66.317835][ C1] ? __sanitizer_cov_trace_cmp8+0x51/0x70
[ 66.323004][ T8433] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000002e
[ 66.325311][ C1] ? skb_try_coalesce+0x1335/0x1440
[ 66.333275][ T8433] R10: ffffffff81342fea R11: 000000000000003f R12: dffffc0000000000
[ 66.338012][ C1] skb_try_coalesce+0x1335/0x1440
[ 66.345972][ T8433] R13: ffffc9000168fa28 R14: ffffea0000000000 R15: ffff8880ffffea00
[ 66.351688][ C1] tcp_try_coalesce+0x393/0x920
[ 66.359629][ T8433] FS: 00007f08b80558c0(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 66.364803][ C1] ? mark_held_locks+0x9f/0xe0
[ 66.372750][ T8433] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 66.377745][ C1] ? tcp_urg.part.0+0x2d0/0x2d0
[ 66.385693][ T8433] CR2: ffffea0003ffff88 CR3: 000000001655f000 CR4: 00000000001506f0
[ 66.390515][ C1] ? ktime_get+0x38a/0x470
[ 66.399419][ T8433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 66.404158][ C1] ? lockdep_hardirqs_on+0x79/0x100
[ 66.410713][ T8433] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 66.415538][ C1] tcp_queue_rcv+0x8a/0x6e0
[ 66.423487][ T8433] Call Trace:
[ 66.423497][ T8433] kasan_quarantine_reduce+0x180/0x200
[ 66.427879][ C1] tcp_rcv_established+0x1756/0x1eb0
[ 66.435828][ T8433] __kasan_slab_alloc+0x8e/0xa0
[ 66.440999][ C1] ? tcp_data_queue+0x4b10/0x4b10
[ 66.448947][ T8433] __kmalloc+0x1f7/0x330
[ 66.453428][ C1] ? do_raw_spin_lock+0x120/0x2b0
[ 66.456710][ T8433] tomoyo_realpath_from_path+0xc3/0x620
[ 66.462154][ C1] tcp_v4_do_rcv+0x5d1/0x870
[ 66.467414][ T8433] tomoyo_realpath_nofollow+0xc8/0xe0
[ 66.472235][ C1] tcp_v4_rcv+0x3298/0x3950
[ 66.477253][ T8433] ? tomoyo_realpath_from_path+0x620/0x620
[ 66.481475][ C1] ? tcp_v4_early_demux+0x8f0/0x8f0
[ 66.486483][ T8433] ? tomoyo_profile+0x42/0x50
[ 66.492001][ C1] ? lock_release+0x720/0x720
[ 66.496573][ T8433] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 66.501934][ C1] ip_protocol_deliver_rcu+0xa7/0xa20
[ 66.506407][ T8433] ? tomoyo_init_request_info+0xfe/0x370
[ 66.512191][ C1] ip_local_deliver_finish+0x20a/0x370
[ 66.517361][ T8433] tomoyo_find_next_domain+0x280/0x1f80
[ 66.522034][ C1] ip_local_deliver+0x1b3/0x200
[ 66.526687][ T8433] ? tomoyo_dump_page+0x5b0/0x5b0
[ 66.532909][ C1] ip_sublist_rcv_finish+0x9a/0x2c0
[ 66.538258][ T8433] ? lock_downgrade+0x6e0/0x6e0
[ 66.543864][ C1] ip_list_rcv_finish.constprop.0+0x51e/0x6e0
[ 66.549295][ T8433] tomoyo_bprm_check_security+0x121/0x1a0
[ 66.554818][ C1] ? ip_rcv_finish_core.constprop.0+0x1e80/0x1e80
[ 66.559638][ T8433] ? tomoyo_bprm_check_security+0xda/0x1a0
[ 66.564636][ C1] ? ip_list_rcv_finish.constprop.0+0x6e0/0x6e0
[ 66.569810][ T8433] security_bprm_check+0x45/0xa0
[ 66.574633][ C1] ? ip_rcv_core+0x867/0xcb0
[ 66.580674][ T8433] bprm_execve+0x732/0x19b0
[ 66.586371][ C1] ip_list_rcv+0x34e/0x490
[ 66.592759][ T8433] ? open_exec+0x70/0x70
[ 66.598538][ C1] ? ip_rcv+0xd0/0xd0
[ 66.604752][ T8433] do_execveat_common+0x621/0x7c0
[ 66.609660][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 66.614231][ T8433] ? bprm_execve+0x19b0/0x19b0
[ 66.618705][ C1] ? find_held_lock+0x2d/0x110
[ 66.623096][ T8433] ? getname_flags.part.0+0x1dd/0x4f0
[ 66.627313][ C1] ? ip_rcv+0xd0/0xd0
[ 66.631272][ T8433] __x64_sys_execve+0x8f/0xc0
[ 66.636270][ C1] __netif_receive_skb_list_core+0x549/0x8e0
[ 66.642224][ T8433] ? __seccomp_filter+0x1bd/0x15e0
[ 66.646967][ C1] ? process_backlog+0x6c0/0x6c0
[ 66.651694][ T8433] do_syscall_64+0x3a/0xb0
[ 66.657039][ C1] ? ktime_get_with_offset+0x3f2/0x500
[ 66.660995][ T8433] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 66.665645][ C1] ? lockdep_hardirqs_on+0x79/0x100
[ 66.671596][ T8433] RIP: 0033:0x7f08b6ea4647
[ 66.676682][ C1] netif_receive_skb_list_internal+0x75e/0xd80
[ 66.681593][ T8433] Code: ff 76 e0 f7 d8 64 41 89 01 eb d8 0f 1f 84 00 00 00 00 00 f7 d8 64 41 89 01 eb d7 0f 1f 84 00 00 00 00 00 b8 3b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 21 08 2e 00 f7 d8 64 89 01 48
[ 66.685982][ C1] ? __netif_receive_skb_list_core+0x8e0/0x8e0
[ 66.691412][ T8433] RSP: 002b:00007ffcb5a3afd8 EFLAGS: 00000207
[ 66.697277][ C1] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 66.702447][ T8433] ORIG_RAX: 000000000000003b
[ 66.706836][ C1] ? detach_buf_split+0x599/0x7b0
[ 66.712961][ T8433] RAX: ffffffffffffffda RBX: 00007ffcb5a3b520 RCX: 00007f08b6ea4647
[ 66.732544][ C1] ? __sanitizer_cov_trace_cmp2+0x22/0x80
[ 66.738668][ T8433] RDX: 0000559f86f50f30 RSI: 00007ffcb5a3b520 RDI: 00007ffcb5a3b920
[ 66.744711][ C1] napi_complete_done+0x1f1/0x880
[ 66.750933][ T8433] RBP: 000000000000000f R08: 000000000000fefc R09: 0000000000000070
[ 66.755602][ C1] virtnet_poll+0xbeb/0x1180
[ 66.760595][ T8433] R10: 0000000000000008 R11: 0000000000000207 R12: 00007ffcb5a3b0a0
[ 66.768547][ C1] ? receive_buf+0x6250/0x6250
[ 66.774252][ T8433] R13: 0000000000000012 R14: 0000559f86f50f30 R15: 00007ffcb5a3caf0
[ 66.782211][ C1] __napi_poll+0xaf/0x440
[ 66.787209][ T8433] Modules linked in:
[ 66.795153][ C1] net_rx_action+0x801/0xb40
[ 66.799714][ T8433]
[ 66.799722][ T8433] CR2: ffffea0003ffff88
[ 66.807666][ C1] ? napi_threaded_poll+0x5b0/0x5b0
[ 66.812410][ T8433] ---[ end trace 62a7d19a3414bab7 ]---
[ 66.820353][ C1] ? sched_clock_cpu+0x18/0x1f0
[ 66.824652][ T8433] RIP: 0010:qlist_free_all+0x85/0xc0
[ 66.828524][ C1] __do_softirq+0x29b/0x9fe
[ 66.833085][ T8433] Code: 85 ff 74 3b 4c 89 fe 48 85 ed 48 89 ef 75 cb 48 89 f7 48 89 34 24 e8 4a 2e 7a ff 48 8b 34 24 48 c1 e8 0c 48 c1 e0 06 4c 01 f0 <48> 8b 50 08 48 8d 4a ff 83 e2 01 48 0f 45 c1 48 8b 78 18 eb 9b 49
[ 66.835393][ C1] __irq_exit_rcu+0x136/0x200
[ 66.839517][ T8433] RSP: 0018:ffffc9000168f9f0 EFLAGS: 00010282
[ 66.844688][ C1] irq_exit_rcu+0x5/0x20
[ 66.850118][ T8433]
[ 66.850123][ T8433] RAX: ffffea0003ffff80 RBX: ffff88802b358000 RCX: 0000000000000000
[ 66.854945][ C1] common_interrupt+0x51/0xd0
[ 66.860202][ T8433] RDX: ffff888025055580 RSI: ffff8880ffffea00 RDI: 0000000000000003
[ 66.864681][ C1] ? asm_common_interrupt+0x8/0x40
[ 66.884263][ T8433] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000002e
[ 66.888924][ C1] asm_common_interrupt+0x1e/0x40
[ 66.894963][ T8433] R10: ffffffff81342fea R11: 000000000000003f R12: dffffc0000000000
[ 66.899184][ C1] RIP: 0033:0x42af87
[ 66.901489][ T8433] R13: ffffc9000168fa28 R14: ffffea0000000000 R15: ffff8880ffffea00
[ 66.909446][ C1] Code: 24 18 01 00 00 48 8b 9c 24 30 01 00 00 31 c0 31 c9 48 c7 c2 ff ff ff ff 31 f6 e9 8c 02 00 00 49 ff c3 4c 89 a4 24 c8 00 00 00 <49> bc 00 00 00 00 00 80 00 00 4d 39 da 0f 8e 63 09 00 00 66 0f 1f
[ 66.914095][ T8433] FS: 00007f08b80558c0(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 66.922047][ C1] RSP: 002b:000000c000073cb8 EFLAGS: 00000206
[ 66.927136][ T8433] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 66.935085][ C1]
[ 66.935093][ C1] RAX: 0000000000000000 RBX: 0000000001866d48 RCX: 0000000000002030
[ 66.940084][ T8433] CR2: ffffea0003ffff88 CR3: 000000001655f000 CR4: 00000000001506f0
[ 66.948034][ C1] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000000b7dd80
[ 66.951902][ T8433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 66.959847][ C1] RBP: 000000c000073dd8 R08: 00007fc0f0b07000 R09: 0000000000000000
[ 66.979534][ T8433] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 66.988456][ C1] R10: 0000000000004000 R11: 0000000000002706 R12: 0000000406200000
[ 66.994501][ T8433] Kernel panic - not syncing: Fatal exception
[ 67.001062][ C1] R13: 0000000000000015 R14: 0000000000b7de00 R15: 0000000000000000
[ 67.073057][ C1]
[ 67.075367][ C1] Allocated by task 6383:
[ 67.079678][ C1] kasan_save_stack+0x1b/0x40
[ 67.084358][ C1] __kasan_slab_alloc+0x84/0xa0
[ 67.089200][ C1] kmem_cache_alloc+0x219/0x3a0
[ 67.094047][ C1] getname_flags.part.0+0x50/0x4f0
[ 67.099158][ C1] getname_flags+0x9a/0xe0
[ 67.103582][ C1] do_symlinkat+0x86/0x300
[ 67.107993][ C1] do_syscall_64+0x3a/0xb0
[ 67.112405][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 67.118294][ C1]
[ 67.120600][ C1] The buggy address belongs to the object at ffff88802f2d0000
[ 67.120600][ C1] which belongs to the cache names_cache of size 4096
[ 67.134828][ C1] The buggy address is located 8 bytes inside of
[ 67.134828][ C1] 4096-byte region [ffff88802f2d0000, ffff88802f2d1000)
[ 67.148006][ C1] The buggy address belongs to the page:
[ 67.153615][ C1] page:ffffea0000bcb400 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802f2d0000 pfn:0x2f2d0
[ 67.165057][ C1] head:ffffea0000bcb400 order:3 compound_mapcount:0 compound_pincount:0
[ 67.173374][ C1] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 67.181365][ C1] raw: 00fff00000010200 ffffea0000673600 0000000300000003 ffff888140004280
[ 67.189967][ C1] raw: ffff88802f2d0000 0000000080070005 00000001ffffffff 0000000000000000
[ 67.198543][ C1] page dumped because: kasan: bad access detected
[ 67.204939][ C1]
[ 67.207245][ C1] Memory state around the buggy address:
[ 67.212863][ C1]  ffff88802f2cff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 67.220912][ C1]  ffff88802f2cff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 67.228972][ C1] >ffff88802f2d0000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.237067][ C1]                    ^
[ 67.241389][ C1]  ffff88802f2d0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.249456][ C1]  ffff88802f2d0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.257519][ C1] ==================================================================
[ 67.266166][ T8433] Kernel Offset: disabled
[ 67.270484][ T8433] Rebooting in 86400 seconds..