Warning: Permanently added '10.128.0.138' (ECDSA) to the list of known hosts.
2021/04/24 00:55:39 fuzzer started
2021/04/24 00:55:39 dialing manager at 10.128.0.169:34587
2021/04/24 00:55:40 syscalls: 1690
2021/04/24 00:55:40 code coverage: enabled
2021/04/24 00:55:40 comparison tracing: enabled
2021/04/24 00:55:40 extra coverage: enabled
2021/04/24 00:55:40 setuid sandbox: enabled
2021/04/24 00:55:40 namespace sandbox: enabled
2021/04/24 00:55:40 Android sandbox: /sys/fs/selinux/policy does not exist
2021/04/24 00:55:40 fault injection: enabled
2021/04/24 00:55:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/04/24 00:55:40 net packet injection: enabled
2021/04/24 00:55:40 net device setup: enabled
2021/04/24 00:55:40 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/04/24 00:55:40 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/04/24 00:55:40 USB emulation: enabled
2021/04/24 00:55:40 hci packet injection: enabled
2021/04/24 00:55:40 wifi device emulation: enabled
2021/04/24 00:55:40 802.15.4 emulation: enabled
2021/04/24 00:55:40 fetching corpus: 0, signal 0/2000 (executing program)
syzkaller login: [ 69.577702][ C1] ------------[ cut here ]------------
[ 69.583495][ C1] refcount_t: underflow; use-after-free.
[ 69.590346][ C1] WARNING: CPU: 1 PID: 8416 at lib/refcount.c:28 refcount_warn_saturate+0x1d1/0x1e0
[ 69.593666][ T8400] ==================================================================
[ 69.599871][ C1] Modules linked in:
[ 69.607980][ T8400] BUG: KASAN: wild-memory-access in copyout.part.0+0xd7/0x110
[ 69.608014][ T8400] Read of size 496 at addr 108548c0266b0010 by task syz-fuzzer/8400
[ 69.611899][ C1]
[ 69.611911][ C1] CPU: 1 PID: 8416 Comm: systemd-sysctl Not tainted 5.12.0-rc7-syzkaller #0
[ 69.619341][ T8400]
[ 69.619350][ T8400] CPU: 0 PID: 8400 Comm: syz-fuzzer Not tainted 5.12.0-rc7-syzkaller #0
[ 69.619372][ T8400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.619386][ T8400] Call Trace:
[ 69.619398][ T8400] dump_stack+0x141/0x1d7
[ 69.627348][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.629701][ T8400] ? copyout.part.0+0xd7/0x110
[ 69.629729][ T8400] kasan_report.cold+0x5f/0xd8
[ 69.638788][ C1] RIP: 0010:refcount_warn_saturate+0x1d1/0x1e0
[ 69.641087][ T8400] ? copyout.part.0+0xd7/0x110
[ 69.649447][ C1] Code: e9 db fe ff ff 48 89 df e8 3c de ee fd e9 8a fe ff ff e8 a2 be aa fd 48 c7 c7 40 eb c1 89 c6 05 3c a2 e8 09 01 e8 b8 40 ff 04 <0f> 0b e9 af fe ff ff 0f 1f 84 00 00 00 00 00 41 56 41 55 41 54 55
[ 69.659445][ T8400] kasan_check_range+0x13d/0x180
[ 69.659484][ T8400] copyout.part.0+0xd7/0x110
[ 69.662766][ C1] RSP: 0018:ffffc90000dc0e10 EFLAGS: 00010286
[ 69.667117][ T8400] _copy_to_iter+0x28a/0xf80
[ 69.677227][ C1]
[ 69.681942][ T8400] ? tcp_mstamp_refresh+0x12/0xa0
[ 69.686741][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 69.693073][ T8400] ? _copy_from_iter_flushcache+0xa60/0xa60
[ 69.693107][ T8400] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 69.697900][ C1] RDX: ffff888020df54c0 RSI: ffffffff815c5205 RDI: fffff520001b81b4
[ 69.717473][ T8400] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 69.717511][ T8400] ? __virt_addr_valid+0x5d/0x2d0
[ 69.722493][ C1] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 69.727084][ T8400] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 69.733176][ C1] R10: ffffffff815bdf9e R11: 0000000000000000 R12: ffff888019930000
[ 69.737708][ T8400] ? __phys_addr_symbol+0x2c/0x70
[ 69.737745][ T8400] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 69.740063][ C1] R13: ffff8880159c25b0 R14: ffff888021e114a0 R15: 0000000000000000
[ 69.745159][ T8400] ? __check_object_size+0x18a/0x3f0
[ 69.753183][ C1] FS: 00007fb2f18558c0(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 69.759031][ T8400] simple_copy_to_iter+0x4c/0x70
[ 69.759076][ T8400] __skb_datagram_iter+0x4a7/0x770
[ 69.765303][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 69.773292][ T8400] ? zerocopy_sg_from_iter+0x110/0x110
[ 69.773339][ T8400] skb_copy_datagram_iter+0x40/0x50
[ 69.779081][ C1] CR2: 000055632c2db268 CR3: 0000000026431000 CR4: 00000000001506e0
[ 69.784067][ T8400] tcp_recvmsg_locked+0x1048/0x22f0
[ 69.792076][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 69.798280][ T8400] ? tcp_splice_read+0x8b0/0x8b0
[ 69.806289][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 69.811408][ T8400] ? mark_held_locks+0x9f/0xe0
[ 69.811443][ T8400] ? __local_bh_enable_ip+0xa0/0x120
[ 69.817161][ C1] Call Trace:
[ 69.817175][ C1]
[ 69.825145][ T8400] tcp_recvmsg+0x134/0x550
[ 69.825184][ T8400] ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 69.830538][ C1] __put_task_struct+0x34f/0x400
[ 69.839405][ T8400] ? aa_sk_perm+0x31b/0xab0
[ 69.839450][ T8400] inet_recvmsg+0x11b/0x5d0
[ 69.844387][ C1] delayed_put_task_struct+0x1f6/0x340
[ 69.849506][ T8400] ? inet_sendpage+0x140/0x140
[ 69.849541][ T8400] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 69.856139][ C1] rcu_core+0x74a/0x12f0
[ 69.861582][ T8400] ? security_socket_recvmsg+0x8f/0xc0
[ 69.861619][ T8400] sock_read_iter+0x33c/0x470
[ 69.861648][ T8400] ? ____sys_recvmsg+0x600/0x600
[ 69.866838][ C1] ? rcu_barrier+0x420/0x420
[ 69.874816][ T8400] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 69.874852][ T8400] ? fsnotify+0xa16/0x1070
[ 69.880141][ C1] __do_softirq+0x29b/0x9f6
[ 69.888067][ T8400] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 69.888111][ T8400] new_sync_read+0x5b7/0x6e0
[ 69.888142][ T8400] ? ksys_lseek+0x1b0/0x1b0
[ 69.893109][ C1] irq_exit_rcu+0x134/0x200
[ 69.901101][ T8400] vfs_read+0x35c/0x570
[ 69.905877][ C1] sysvec_apic_timer_interrupt+0x93/0xc0
[ 69.911171][ T8400] ksys_read+0x1ee/0x250
[ 69.911201][ T8400] ? vfs_write+0xa30/0xa30
[ 69.914482][ C1]
[ 69.918625][ T8400] ? syscall_enter_from_user_mode+0x27/0x70
[ 69.918666][ T8400] do_syscall_64+0x2d/0x70
[ 69.923075][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 69.928437][ T8400] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 69.928469][ T8400] RIP: 0033:0x4af19b
[ 69.928492][ T8400] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 69.933454][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x38/0x70
[ 69.937944][ T8400] RSP: 002b:000000c000451828 EFLAGS: 00000212 ORIG_RAX: 0000000000000000
[ 69.937971][ T8400] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af19b
[ 69.937986][ T8400] RDX: 0000000000001000 RSI: 000000c0001f8000 RDI: 0000000000000006
[ 69.938003][ T8400] RBP: 000000c000451878 R08: 0000000000000001 R09: 0000000000000002
[ 69.942490][ C1] Code: 74 24 10 e8 ca cd 4d f8 48 89 ef e8 02 84 4e f8 81 e3 00 02 00 00 75 25 9c 58 f6 c4 02 75 2d 48 85 db 74 01 fb bf 01 00 00 00 e3 51 42 f8 65 8b 05 ac 17 f6 76 85 c0 74 0a 5b 5d c3 e8 50 0d
[ 69.947929][ T8400] R10: 0000000000006ebe R11: 0000000000000212 R12: 0000000000006eb8
[ 69.947947][ T8400] R13: 0000000000001000 R14: 0000000000000008 R15: 0000000000000008
[ 69.947982][ T8400] ==================================================================
[ 69.952723][ C1] RSP: 0018:ffffc900016afa08 EFLAGS: 00000206
[ 69.959047][ T8400] Disabling lock debugging due to kernel taint
[ 70.005657][ T8400] Kernel panic - not syncing: panic_on_warn set ...
[ 70.006362][ C1]
[ 70.006370][ C1] RAX: 0000000000000006 RBX: 0000000000000200 RCX: 1ffffffff1b8bba1
[ 70.010938][ T8400] CPU: 0 PID: 8400 Comm: syz-fuzzer Tainted: G B 5.12.0-rc7-syzkaller #0
[ 70.010960][ T8400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.010971][ T8400] Call Trace:
[ 70.010979][ T8400] dump_stack+0x141/0x1d7
[ 70.015466][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[ 70.019948][ T8400] panic+0x306/0x73d
[ 70.019976][ T8400] ? __warn_printk+0xf3/0xf3
[ 70.024103][ C1] RBP: ffffffff900ade58 R08: 0000000000000001 R09: 0000000000000001
[ 70.029718][ T8400] ? preempt_schedule_common+0x59/0xc0
[ 70.029746][ T8400] ? copyout.part.0+0xd7/0x110
[ 70.033962][ C1] R10: ffffffff8179e5a8 R11: 000000000000003f R12: 1ffffffff2015bca
[ 70.038360][ T8400] ? preempt_schedule_thunk+0x16/0x18
[ 70.038393][ T8400] ? trace_hardirqs_on+0x38/0x1c0
[ 70.041308][ C1] R13: 0000000000000000 R14: dead000000000100 R15: dffffc0000000000
[ 70.047180][ T8400] ? trace_hardirqs_on+0x51/0x1c0
[ 70.051610][ C1] ? trace_hardirqs_on+0x38/0x1c0
[ 70.057541][ T8400] ? copyout.part.0+0xd7/0x110
[ 70.063456][ C1] debug_check_no_obj_freed+0x20c/0x420
[ 70.067292][ T8400] ? copyout.part.0+0xd7/0x110
[ 70.087029][ C1] ? slab_free_freelist_hook+0xee/0x210
[ 70.093384][ T8400] end_report.cold+0x5a/0x5a
[ 70.093411][ T8400] kasan_report.cold+0x6a/0xd8
[ 70.101808][ C1] slab_free_freelist_hook+0x147/0x210
[ 70.109746][ T8400] ? copyout.part.0+0xd7/0x110
[ 70.117741][ C1] kmem_cache_free+0x8a/0x740
[ 70.125679][ T8400] kasan_check_range+0x13d/0x180
[ 70.145330][ C1] ? putname+0xe1/0x120
[ 70.153258][ T8400] copyout.part.0+0xd7/0x110
[ 70.153288][ T8400] _copy_to_iter+0x28a/0xf80
[ 70.161268][ C1] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 70.169296][ T8400] ? tcp_mstamp_refresh+0x12/0xa0
[ 70.175361][ C1] putname+0xe1/0x120
[ 70.181512][ T8400] ? _copy_from_iter_flushcache+0xa60/0xa60
[ 70.181542][ T8400] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 70.188133][ C1] filename_lookup+0x3c3/0x570
[ 70.190419][ T8400] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 70.198682][ C1] ? may_linkat+0x2d0/0x2d0
[ 70.208858][ T8400] ? __virt_addr_valid+0x5d/0x2d0
[ 70.218962][ C1] ? __check_object_size+0x171/0x3f0
[ 70.222221][ T8400] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 70.226532][ C1] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 70.234483][ T8400] ? __phys_addr_symbol+0x2c/0x70
[ 70.234516][ T8400] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 70.238454][ C1] ? strncpy_from_user+0x2a0/0x3e0
[ 70.243016][ T8400] ? __check_object_size+0x18a/0x3f0
[ 70.251016][ C1] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 70.256421][ T8400] simple_copy_to_iter+0x4c/0x70
[ 70.261193][ C1] ? getname_flags.part.0+0x1dd/0x4f0
[ 70.269124][ T8400] __skb_datagram_iter+0x4a7/0x770
[ 70.274514][ C1] vfs_statx+0x142/0x390
[ 70.279512][ T8400] ? zerocopy_sg_from_iter+0x110/0x110
[ 70.279546][ T8400] skb_copy_datagram_iter+0x40/0x50
[ 70.287521][ C1] ? do_readlinkat+0x2f0/0x2f0
[ 70.292524][ T8400] tcp_recvmsg_locked+0x1048/0x22f0
[ 70.292559][ T8400] ? tcp_splice_read+0x8b0/0x8b0
[ 70.297573][ C1] __do_sys_newlstat+0x91/0x110
[ 70.302308][ T8400] ? mark_held_locks+0x9f/0xe0
[ 70.307870][ C1] ? __do_sys_lstat+0x110/0x110
[ 70.312581][ T8400] ? __local_bh_enable_ip+0xa0/0x120
[ 70.318159][ C1] ? __context_tracking_exit+0xb8/0xe0
[ 70.322697][ T8400] tcp_recvmsg+0x134/0x550
[ 70.327457][ C1] ? __secure_computing+0x104/0x360
[ 70.332909][ T8400] ? tcp_recvmsg_locked+0x22f0/0x22f0
[ 70.332938][ T8400] ? aa_sk_perm+0x31b/0xab0
[ 70.337713][ C1] ? syscall_trace_enter.constprop.0+0x94/0x260
[ 70.342353][ T8400] inet_recvmsg+0x11b/0x5d0
[ 70.347269][ C1] do_syscall_64+0x2d/0x70
[ 70.351405][ T8400] ? inet_sendpage+0x140/0x140
[ 70.351433][ T8400] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 70.356018][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.360582][ T8400] ? security_socket_recvmsg+0x8f/0xc0
[ 70.360614][ T8400] sock_read_iter+0x33c/0x470
[ 70.366827][ C1] RIP: 0033:0x7fb2f0f40335
[ 70.371839][ T8400] ? ____sys_recvmsg+0x600/0x600
[ 70.371871][ T8400] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 70.375834][ C1] Code: 69 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 8b 15 31 db 2b 00 f7 d8 64 89
[ 70.381702][ T8400] ? fsnotify+0xa16/0x1070
[ 70.381731][ T8400] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 70.387988][ C1] RSP: 002b:00007ffefdd21178 EFLAGS: 00000246
[ 70.392737][ T8400] new_sync_read+0x5b7/0x6e0
[ 70.398462][ C1] ORIG_RAX: 0000000000000006
[ 70.402937][ T8400] ? ksys_lseek+0x1b0/0x1b0
[ 70.407974][ C1] RAX: ffffffffffffffda RBX: 000055632c2db260 RCX: 00007fb2f0f40335
[ 70.413216][ T8400] vfs_read+0x35c/0x570
[ 70.419478][ C1] RDX: 00007ffefdd211b0 RSI: 00007ffefdd211b0 RDI: 000055632c2da260
[ 70.425681][ T8400] ksys_read+0x1ee/0x250
[ 70.430722][ C1] RBP: 00007ffefdd21270 R08: 0000000000000003 R09: 0000000000001010
[ 70.436389][ T8400] ? vfs_write+0xa30/0xa30
[ 70.441508][ C1] R10: 0000000000000030 R11: 0000000000000246 R12: 000055632c2da260
[ 70.446916][ T8400] ? syscall_enter_from_user_mode+0x27/0x70
[ 70.453492][ C1] R13: 000055632c2da264 R14: 000055632c2d9161 R15: 000055632c2d9164
[ 70.458479][ T8400] do_syscall_64+0x2d/0x70
[ 70.463961][ C1] irq event stamp: 12260
[ 70.469063][ T8400] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.469104][ T8400] RIP: 0033:0x4af19b
[ 70.474111][ C1] hardirqs last enabled at (12260): [] vprintk_emit+0x53b/0x560
[ 70.479555][ T8400] Code: fb ff eb bd e8 a6 b6 fb ff e9 61 ff ff ff cc e8 9b 82 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 70.479578][ T8400] RSP: 002b:000000c000451828 EFLAGS: 00000212 ORIG_RAX: 0000000000000000
[ 70.484771][ C1] hardirqs last disabled at (12259): [] vprintk_emit+0x48e/0x560
[ 70.489519][ T8400] RAX: ffffffffffffffda RBX: 000000c00001c000 RCX: 00000000004af19b
[ 70.489538][ T8400] RDX: 0000000000001000 RSI: 000000c0001f8000 RDI: 0000000000000006
[ 70.489550][ T8400] RBP: 000000c000451878 R08: 0000000000000001 R09: 0000000000000002
[ 70.489564][ T8400] R10: 0000000000006ebe R11: 0000000000000212 R12: 0000000000006eb8
[ 70.495002][ C1] softirqs last enabled at (11402): [] sock_setsockopt+0x20e/0x2810
[ 70.499928][ T8400] R13: 0000000000001000 R14: 0000000000000008 R15: 0000000000000008
[ 70.500342][ T8400] Kernel Offset: disabled
[ 70.830377][ T8400] Rebooting in 86400 seconds..