Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts.
2021/04/22 04:03:48 fuzzer started
2021/04/22 04:03:48 dialing manager at 10.128.0.169:36951
2021/04/22 04:03:48 syscalls: 3560
2021/04/22 04:03:48 code coverage: enabled
2021/04/22 04:03:48 comparison tracing: enabled
2021/04/22 04:03:48 extra coverage: enabled
2021/04/22 04:03:48 setuid sandbox: enabled
2021/04/22 04:03:48 namespace sandbox: enabled
2021/04/22 04:03:48 Android sandbox: /sys/fs/selinux/policy does not exist
2021/04/22 04:03:48 fault injection: enabled
2021/04/22 04:03:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/04/22 04:03:48 net packet injection: enabled
2021/04/22 04:03:48 net device setup: enabled
2021/04/22 04:03:48 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/04/22 04:03:48 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/04/22 04:03:48 USB emulation: enabled
2021/04/22 04:03:48 hci packet injection: enabled
2021/04/22 04:03:48 wifi device emulation: enabled
2021/04/22 04:03:48 802.15.4 emulation: enabled
2021/04/22 04:03:48 fetching corpus: 0, signal 0/2000 (executing program)
2021/04/22 04:03:49 fetching corpus: 50, signal 54250/57842 (executing program)
2021/04/22 04:03:49 fetching corpus: 100, signal 90254/95223 (executing program)
2021/04/22 04:03:49 fetching corpus: 150, signal 113896/120173 (executing program)
2021/04/22 04:03:49 fetching corpus: 200, signal 133589/141064 (executing program)

[   71.290055][ T3258] ieee802154 phy0 wpan0: encryption failed: -22
[   71.296575][ T3258] ieee802154 phy1 wpan1: encryption failed: -22
[   71.304741][ T3258] BUG: unable to handle page fault for address: ffffffff0000704e
[   71.312471][ T3258] #PF: supervisor read access in kernel mode
[   71.318451][ T3258] #PF: error_code(0x0000) - not-present page
[   71.324430][ T3258] PGD bc8f067 P4D bc8f067 PUD 0
[   71.329382][ T3258] Oops: 0000 [#1] PREEMPT SMP KASAN
[   71.334571][ T3258] CPU: 0 PID: 3258 Comm: aoe_tx0 Not tainted 5.12.0-rc8-next-20210421-syzkaller #0
[   71.351877][ T3258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   71.369442][ T3258] RIP: 0010:__dev_queue_xmit+0x7ce/0x2e50
[   71.383008][ T3258] Code: fa 45 84 ed 0f 85 af 0e 00 00 e8 fd df 6a fa 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 d0 21 00 00 <48> 83 3b 00 0f 85 3d 09 00 00 e8 d3 df 6a fa 48 8b 04 24 48 8d b8
[   71.394826][ T3258] RSP: 0018:ffffc90002bffc78 EFLAGS: 00010246
[   71.424473][ T3258] 
[   71.424479][ T3258] RAX: dffffc0000000000 RBX: ffffffff0000704e RCX: 0000000000000000
[   71.433781][ T3258] RDX: 1fffffffe0000e09 RSI: ffffffff87099a73 RDI: 0000000000000003
[   71.440396][ T3258] RBP: ffff88801ec7d8c0 R08: 0000000000000000 R09: 0000000000000000
[   71.453543][ T3258] R10: ffffffff8709a983 R11: 0000000000000000 R12: ffff888025258000
[   71.468505][ T3258] R13: 0000000000000000 R14: 0000000000000020 R15: 0000000000000000
[   71.481640][ T3258] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[   71.494809][ T3258] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   71.507507][ T3258] CR2: ffffffff0000704e CR3: 0000000024ecf000 CR4: 00000000001506f0
[   71.522107][ T3258] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   71.533839][ T3258] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   71.546794][ T3258] Call Trace:
[   71.546806][ T3258]  ? netdev_core_pick_tx+0x2e0/0x2e0
[   71.559574][ T3258]  ? tx+0x4b/0xb0
[   71.572374][ T3258]  ? lock_downgrade+0x6e0/0x6e0
[   71.580916][ T3258]  ? do_raw_spin_lock+0x120/0x2b0
[   71.589985][ T3258]  ? discover_timer+0x60/0x60
[   71.599469][ T3258]  ? _raw_spin_unlock_irq+0x1f/0x40
[   71.608872][ T3258]  ? discover_timer+0x60/0x60
[   71.618545][ T3258]  tx+0x68/0xb0
[   71.628197][ T3258]  kthread+0x1e7/0x3a0
[   71.638114][ T3258]  ? ktcomplete+0x300/0x300
[   71.646557][ T3258]  ? wake_up_q+0x100/0x100
[   71.655610][ T3258]  ? lockdep_hardirqs_on+0x79/0x100
[   71.664692][ T3258]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   71.673587][ T3258]  ? __kthread_parkme+0x13f/0x1e0
[   71.683936][ T3258]  ? ktcomplete+0x300/0x300
[   71.694804][ T3258]  kthread+0x3b1/0x4a0
[   71.705066][ T3258]  ? __kthread_bind_mask+0xc0/0xc0
[   71.715268][ T3258]  ret_from_fork+0x1f/0x30
[   71.724673][ T3258] Modules linked in:
[   71.735186][ T3258] 
[   71.735194][ T3258] CR2: ffffffff0000704e
[   71.744411][ T3258] ---[ end trace b8e6a0e636e0bf11 ]---
[   71.753464][ T3258] RIP: 0010:__dev_queue_xmit+0x7ce/0x2e50
[   71.761816][ T3258] Code: fa 45 84 ed 0f 85 af 0e 00 00 e8 fd df 6a fa 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 d0 21 00 00 <48> 83 3b 00 0f 85 3d 09 00 00 e8 d3 df 6a fa 48 8b 04 24 48 8d b8
[   71.772340][ T3258] RSP: 0018:ffffc90002bffc78 EFLAGS: 00010246
[   71.785590][ T3258] 
[   71.785596][ T3258] RAX: dffffc0000000000 RBX: ffffffff0000704e RCX: 0000000000000000
[   71.795854][ T3258] RDX: 1fffffffe0000e09 RSI: ffffffff87099a73 RDI: 0000000000000003
[   71.819846][ T3258] RBP: ffff88801ec7d8c0 R08: 0000000000000000 R09: 0000000000000000
[   71.829851][ T3258] R10: ffffffff8709a983 R11: 0000000000000000 R12: ffff888025258000
[   71.840115][ T3258] R13: 0000000000000000 R14: 0000000000000020 R15: 0000000000000000
[   71.852033][ T3258] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[   71.865955][ T3258] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   71.878585][ T3258] CR2: ffffffff0000704e CR3: 0000000024ecf000 CR4: 00000000001506f0
[   71.891455][ T3258] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   71.906053][ T3258] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   71.918051][ T3258] Kernel panic - not syncing: Fatal exception in interrupt

[   71.333326][    C1] ==================================================================
[   71.342621][    C1] BUG: KASAN: use-after-free in skb_try_coalesce+0x1334/0x1440
[   71.359399][    C1] Write of size 4 at addr ffff888032b10008 by task syz-fuzzer/8413
[   71.377313][    C1] 
[   71.377322][    C1] CPU: 1 PID: 8413 Comm: syz-fuzzer Not tainted 5.12.0-rc8-next-20210421-syzkaller #0
[   71.385314][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   71.414409][    C1] Call Trace:
[   71.414422][    C1]  dump_stack+0x141/0x1d7
[   71.430518][    C1]  ? skb_try_coalesce+0x1334/0x1440
[   71.438089][    C1]  print_address_description.constprop.0.cold+0x5b/0x2f8
[   71.448350][    C1]  ? skb_try_coalesce+0x1334/0x1440
[   71.461494][    C1]  ? skb_try_coalesce+0x1334/0x1440
[   71.476458][    C1]  kasan_report.cold+0x7c/0xd8
[   71.489611][    C1]  ? __sanitizer_cov_trace_cmp8+0x51/0x70
[   71.502765][    C1]  ? skb_try_coalesce+0x1334/0x1440
[   71.516414][    C1]  skb_try_coalesce+0x1334/0x1440
[   71.528675][    C1]  tcp_try_coalesce+0x393/0x920
[   71.541794][    C1]  ? tcp_urg.part.0+0x2d0/0x2d0
[   71.554748][    C1]  ? rcu_read_lock_sched_held+0xd/0x70
[   71.567524][    C1]  ? lock_release+0x522/0x720
[   71.575643][    C1]  ? ktime_get+0x38a/0x470
[   71.586362][    C1]  ? trace_hardirqs_on+0x5b/0x1c0
[   71.594643][    C1]  tcp_queue_rcv+0x8a/0x6e0
[   71.603869][    C1]  tcp_rcv_established+0x1756/0x1eb0
[   71.613894][    C1]  ? tcp_data_queue+0x4b10/0x4b10
[   71.623022][    C1]  ? do_raw_spin_lock+0x120/0x2b0
[   71.633459][    C1]  tcp_v4_do_rcv+0x5d1/0x870
[   71.643113][    C1]  tcp_v4_rcv+0x3298/0x3950
[   71.651573][    C1]  ? tcp_v4_early_demux+0x8f0/0x8f0
[   71.660190][    C1]  ? lock_release+0x720/0x720
[   71.669174][    C1]  ? nf_hook.constprop.0+0x3e8/0x650
[   71.678761][    C1]  ? ip_protocol_deliver_rcu+0xa20/0xa20
[   71.688591][    C1]  ip_protocol_deliver_rcu+0xa7/0xa20
[   71.700071][    C1]  ip_local_deliver_finish+0x20a/0x370
[   71.710787][    C1]  ip_local_deliver+0x1b3/0x200
[   71.720614][    C1]  ip_sublist_rcv_finish+0x9a/0x2c0
[   71.730100][    C1]  ip_list_rcv_finish.constprop.0+0x51e/0x6e0
[   71.740015][    C1]  ? ip_rcv_finish_core.constprop.0+0x1e80/0x1e80
[   71.749593][    C1]  ? ip_list_rcv_finish.constprop.0+0x6e0/0x6e0
[   71.759507][    C1]  ? ip_rcv_core+0x867/0xcb0
[   71.765956][    C1]  ip_list_rcv+0x34e/0x490
[   71.779377][    C1]  ? ip_rcv+0xd0/0xd0
[   71.791290][    C1]  ? ip_rcv+0xd0/0xd0
[   71.815448][    C1]  __netif_receive_skb_list_core+0x549/0x8e0
[   71.825900][    C1]  ? lock_acquire+0x58a/0x740
[   71.832164][    C1]  ? process_backlog+0x6c0/0x6c0
[   71.844073][    C1]  ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[   71.858003][    C1]  ? ktime_get_with_offset+0x3f2/0x500
[   71.870618][    C1]  netif_receive_skb_list_internal+0x75e/0xd80
[   71.883505][    C1]  ? __netif_receive_skb_list_core+0x8e0/0x8e0
[   71.897147][    C1]  ? xdp_linearize_page+0x840/0x840
[   71.911487][    C1]  ? __kprobes_text_end+0x9dd08/0x9dd08
[   71.924203][    C1]  ? detach_buf_split+0x599/0x7b0
[   71.977056][    C1]  napi_complete_done+0x1f1/0x880
[   71.982087][    C1]  virtqueue_napi_complete+0x2c/0xc0
[   71.987368][    C1]  virtnet_poll+0xbbb/0x10b0
[   71.991956][    C1]  ? receive_buf+0x6250/0x6250
[   71.996724][    C1]  ? rcu_read_lock_sched_held+0xd/0x70
[   72.002261][    C1]  ? lock_acquire+0x58a/0x740
[   72.006949][    C1]  __napi_poll+0xaf/0x440
[   72.011281][    C1]  net_rx_action+0x801/0xb40
[   72.015869][    C1]  ? napi_threaded_poll+0x5b0/0x5b0
[   72.021063][    C1]  ? sched_clock_cpu+0x18/0x1f0
[   72.025914][    C1]  __do_softirq+0x29b/0x9fe
[   72.030418][    C1]  __irq_exit_rcu+0x136/0x200
[   72.035091][    C1]  irq_exit_rcu+0x5/0x20
[   72.039328][    C1]  common_interrupt+0x51/0xd0
[   72.044001][    C1]  ? asm_common_interrupt+0x8/0x40
[   72.049105][    C1]  asm_common_interrupt+0x1e/0x40
[   72.054123][    C1] RIP: 0033:0x5e9237
[   72.058009][    C1] Code: 00 00 00 00 c6 44 24 28 00 48 89 44 24 30 48 89 4c 24 38 48 8b 6c 24 10 48 83 c4 18 c3 48 8d 7a 40 31 d2 e8 eb 31 e8 ff eb da <48> 8b 4a 08 48 8b 1a 66 90 48 39 c8 73 25 0f b6 0c 03 48 ff c0 48
[   72.077924][    C1] RSP: 002b:000000c00006da78 EFLAGS: 00000216
[   72.083984][    C1] RAX: 0000000000000029 RBX: 000000000000000f RCX: 000000c000082d80
[   72.091947][    C1] RDX: 000000c000086cc0 RSI: 000000c0004d2000 RDI: 000000000000000e
[   72.099908][    C1] RBP: 000000c00006da88 R08: 0000000000002113 R09: 0000000000000076
[   72.107872][    C1] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000000036b2
[   72.115841][    C1] R13: 0000000000000400 R14: 0000000000000040 R15: 0000000000000008
[   72.123819][    C1] 
[   72.126138][    C1] Allocated by task 6394:
[   72.130470][    C1]  kasan_save_stack+0x1b/0x40
[   72.135174][    C1]  __kasan_kmalloc+0x9b/0xd0
[   72.139769][    C1]  tomoyo_realpath_from_path+0xc3/0x620
[   72.145308][    C1]  tomoyo_path_perm+0x21b/0x400
[   72.150158][    C1]  security_inode_getattr+0xcf/0x140
[   72.155435][    C1]  vfs_statx+0x164/0x390
[   72.159675][    C1]  __do_sys_newlstat+0x91/0x110
[   72.164522][    C1]  do_syscall_64+0x3a/0xb0
[   72.168938][    C1]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   72.174823][    C1] 
[   72.177133][    C1] Freed by task 6394:
[   72.181098][    C1]  kasan_save_stack+0x1b/0x40
[   72.185777][    C1]  kasan_set_track+0x1c/0x30
[   72.190366][    C1]  kasan_set_free_info+0x20/0x30
[   72.195294][    C1]  __kasan_slab_free+0xfb/0x130
[   72.200141][    C1]  slab_free_freelist_hook+0xdf/0x240
[   72.205515][    C1]  kfree+0xe5/0x7f0
[   72.209318][    C1]  tomoyo_realpath_from_path+0x191/0x620
[   72.214942][    C1]  tomoyo_path_perm+0x21b/0x400
[   72.219802][    C1]  security_inode_getattr+0xcf/0x140
[   72.225093][    C1]  vfs_statx+0x164/0x390
[   72.229331][    C1]  __do_sys_newlstat+0x91/0x110
[   72.234181][    C1]  do_syscall_64+0x3a/0xb0
[   72.238592][    C1]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   72.244478][    C1] 
[   72.246787][    C1] The buggy address belongs to the object at ffff888032b10000
[   72.246787][    C1]  which belongs to the cache kmalloc-4k of size 4096
[   72.260827][    C1] The buggy address is located 8 bytes inside of
[   72.260827][    C1]  4096-byte region [ffff888032b10000, ffff888032b11000)
[   72.274002][    C1] The buggy address belongs to the page:
[   72.279613][    C1] page:ffffea0000cac400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32b10
[   72.289757][    C1] head:ffffea0000cac400 order:3 compound_mapcount:0 compound_pincount:0
[   72.298065][    C1] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   72.306047][    C1] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888011042140
[   72.314623][    C1] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[   72.323189][    C1] page dumped because: kasan: bad access detected
[   72.329582][    C1] 
[   72.331889][    C1] Memory state around the buggy address:
[   72.337501][    C1]  ffff888032b0ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   72.345899][    C1]  ffff888032b0ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   72.354095][    C1] >ffff888032b10000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.362144][    C1]                       ^
[   72.366456][    C1]  ffff888032b10080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.374530][    C1]  ffff888032b10100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.382576][    C1] ==================================================================

[   72.391250][ T3258] Kernel Offset: disabled
[   72.395573][ T3258] Rebooting in 86400 seconds..
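Two crashes are printed on top of each other in the log above: a page fault in `__dev_queue_xmit` on the `aoe_tx0` kthread (CPU 0, T3258) and a KASAN use-after-free write in `skb_try_coalesce` on CPU 1. Before either can be triaged the printk streams have to be separated by their `[ Tpid]`/`[ Ccpu]` tag. The parser below is an added example, not part of the syzbot log and not syzkaller's own tooling: it demultiplexes such a log, keeps only the frames the unwinder marks reliable (those without a leading `?`), and pulls the bug type, access, object geometry and the shadow byte for the faulting address out of the KASAN report. The shadow-byte meanings assume generic KASAN on a 5.12-era kernel (`mm/kasan/kasan.h` of that series); other kernel versions encode the shadow differently. The embedded `SAMPLE_LOG` is a constructed short excerpt of the lines above.

```python
"""Demultiplex an interleaved syzkaller crash log and summarise its KASAN report.

Added example: not part of the syzbot log and not syzkaller code. Assumes the
printk prefix "[ <secs>][ <Tpid|Ccpu>]" used in the log and the generic-KASAN
shadow-byte values of a 5.12-era kernel (other versions differ).
"""
import re

PREFIX = re.compile(r"^\[\s*(\d+\.\d+)\]\[\s*([TC]\d+)\]\s?(.*)$")
FRAME = re.compile(r"^\s*(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SHADOW_ROW = re.compile(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})")

# Generic KASAN shadow encoding (5.12 era). One shadow byte covers 8 bytes.
SHADOW = {
    0x00: "accessible",
    0xFA: "freed slab object (granule holds the free track)",
    0xFB: "freed slab object",
    0xFC: "kmalloc redzone",
    0xFE: "page redzone (kmalloc_large)",
    0xFF: "freed page",
    0xF1: "stack left redzone", 0xF2: "stack mid redzone",
    0xF3: "stack right redzone", 0xF4: "stack partial redzone",
    0xF9: "global redzone",
}

# Constructed sample: a short excerpt of the interleaved lines in the log above.
SAMPLE_LOG = """\
2021/04/22 04:03:49 fetching corpus: 200, signal 133589/141064 (executing program)
[   71.304741][ T3258] BUG: unable to handle page fault for address: ffffffff0000704e
[   71.333326][    C1] ==================================================================
[   71.334571][ T3258] CPU: 0 PID: 3258 Comm: aoe_tx0 Not tainted 5.12.0-rc8-next-20210421-syzkaller #0
[   71.342621][    C1] BUG: KASAN: use-after-free in skb_try_coalesce+0x1334/0x1440
[   71.359399][    C1] Write of size 4 at addr ffff888032b10008 by task syz-fuzzer/8413
[   71.414409][    C1] Call Trace:
[   71.414422][    C1]  dump_stack+0x141/0x1d7
[   71.430518][    C1]  ? skb_try_coalesce+0x1334/0x1440
[   71.476458][    C1]  kasan_report.cold+0x7c/0xd8
[   71.516414][    C1]  skb_try_coalesce+0x1334/0x1440
[   71.528675][    C1]  tcp_try_coalesce+0x393/0x920
[   71.546794][ T3258] Call Trace:
[   71.559574][ T3258]  ? tx+0x4b/0xb0
[   71.618545][ T3258]  tx+0x68/0xb0
[   71.628197][ T3258]  kthread+0x1e7/0x3a0
[   71.715268][ T3258]  ret_from_fork+0x1f/0x30
[   71.724673][ T3258] Modules linked in:
[   72.054123][    C1] RIP: 0033:0x5e9237
[   72.246787][    C1] The buggy address belongs to the object at ffff888032b10000
[   72.246787][    C1]  which belongs to the cache kmalloc-4k of size 4096
[   72.354095][    C1] >ffff888032b10000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""


def demux(log):
    """Group printk lines by their [Tpid]/[Ccpu] tag; non-printk lines are dropped."""
    streams = {}
    for line in log.splitlines():
        m = PREFIX.match(line.strip())
        if m:
            ts, ctx, msg = m.groups()
            streams.setdefault(ctx, []).append((float(ts), msg))
    return streams


def call_trace(msgs):
    """Reliable frames (no leading '?') after 'Call Trace:', up to the first non-frame line."""
    frames, inside = [], False
    for msg in msgs:
        if msg.startswith("Call Trace:"):
            inside, frames = True, []
            continue
        if not inside:
            continue
        m = FRAME.match(msg)
        if not m:
            break
        if not m.group(1):  # frames prefixed with '?' are unwinder guesses
            frames.append(m.group(2))
    return frames


def parse_kasan(msgs):
    """Bug type, access, object geometry and shadow byte from one context's KASAN report."""
    text = "\n".join(msgs)
    m = re.search(r"BUG: KASAN: (\S+) in (\S+)", text)
    if not m:
        return None
    rep = {"bug": m.group(1), "where": m.group(2)}
    m = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)", text)
    if m:
        rep.update(access=m.group(1).lower(), size=int(m.group(2)),
                   addr=int(m.group(3), 16), task=m.group(4))
    m = re.search(r"object at ([0-9a-f]+)\s+which belongs to the cache (\S+) of size (\d+)", text)
    if m and "addr" in rep:
        rep.update(obj=int(m.group(1), 16), cache=m.group(2), obj_size=int(m.group(3)))
        rep["offset"] = rep["addr"] - rep["obj"]
    # Each "Memory state" row is 16 shadow bytes covering 128 bytes of memory.
    rows = {int(a, 16): [int(b, 16) for b in bs.split()] for a, bs in SHADOW_ROW.findall(text)}
    if "addr" in rep:
        row_base = rep["addr"] & ~0x7F
        if row_base in rows:
            byte = rows[row_base][(rep["addr"] - row_base) >> 3]
            rep.update(shadow=byte, shadow_meaning=SHADOW.get(byte, "unknown"))
    return rep


def summarize(log):
    """Per-context summary: first timestamp, reliable frames and KASAN facts if any."""
    out = {}
    for ctx, entries in demux(log).items():
        msgs = [m for _, m in entries]
        out[ctx] = {"first": entries[0][0], "frames": call_trace(msgs), "kasan": parse_kasan(msgs)}
    return out


if __name__ == "__main__":
    for ctx, info in summarize(SAMPLE_LOG).items():
        print(ctx, info)
```

On the full log this yields, for C1, a 4-byte write at offset 8 of a 4096-byte `kmalloc-4k` object whose shadow byte is `fb` (freed), with the allocation and free both attributed to `tomoyo_realpath_from_path`, which is consistent with the skb's data pointer referencing memory that had already been freed and recycled. For T3258 the faulting `Code:` bytes `48 83 3b 00` decode to `cmpq $0,(%rbx)` with `RBX = ffffffff0000704e`, immediately after the inline KASAN check (`movabs $0xdffffc0000000000,%rax; shr $3,%rdx; cmpb $0,(%rdx,%rax)`), so the page fault is a dereference of a corrupted pointer rather than a KASAN-detected access.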