[  OK  ] Started Getty on tty3.
[  OK  ] Started Getty on tty2.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started Getty on tty1.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.61' (ECDSA) to the list of known hosts.
2021/04/26 06:21:22 fuzzer started
2021/04/26 06:21:22 dialing manager at 10.128.0.169:40357
2021/04/26 06:21:22 syscalls: 3560
2021/04/26 06:21:22 code coverage: enabled
2021/04/26 06:21:22 comparison tracing: enabled
2021/04/26 06:21:22 extra coverage: enabled
2021/04/26 06:21:22 setuid sandbox: enabled
2021/04/26 06:21:22 namespace sandbox: enabled
2021/04/26 06:21:22 Android sandbox: /sys/fs/selinux/policy does not exist
2021/04/26 06:21:22 fault injection: enabled
2021/04/26 06:21:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/04/26 06:21:22 net packet injection: enabled
2021/04/26 06:21:22 net device setup: enabled
2021/04/26 06:21:22 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/04/26 06:21:22 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/04/26 06:21:22 USB emulation: enabled
2021/04/26 06:21:22 hci packet injection: enabled
2021/04/26 06:21:22 wifi device emulation: enabled
2021/04/26 06:21:22 802.15.4 emulation: enabled
2021/04/26 06:21:22 fetching corpus: 0, signal 0/2000 (executing program)
syzkaller login: [ 72.710763][ T8477] vma ffff88802ffd0108 start 00007f3e1ef87000 end 00007f3e1ef88000
[ 72.710763][ T8477] next ffff88802ffd0210 prev ffff88802ffd0000 mm ffff88801ce6b100
[ 72.710763][ T8477] prot 8000000000000025 anon_vma ffff888013165d00 vm_ops ffffffff897f8900
[ 72.710763][ T8477] pgoff 6 file ffff88801a434000 private_data 0000000000000000
[ 72.710763][ T8477] flags: 0x8100071(read|mayread|maywrite|mayexec|account|softdirty)
[ 72.751717][ T8477] ------------[ cut here ]------------
[ 72.757199][ T8477] kernel BUG at mm/mmap.c:388!
[ 72.771950][ T8477] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 72.778071][ T8477] CPU: 1 PID: 8477 Comm: systemd-udevd Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
[ 72.787903][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.797983][ T8477] RIP: 0010:validate_mm_rb+0x1d6/0x2d0
[ 72.803490][ T8477] Code: 4c 0f 42 e8 e8 fb da c9 ff 4c 89 ee 4c 89 ff e8 30 e1 c9 ff 4d 39 ef 0f 84 70 fe ff ff e8 e2 da c9 ff 4c 89 e7 e8 81 7d 29 07 <0f> 0b 49 89 c5 e8 d0 da c9 ff 48 8d 7d f8 48 89 f8 48 c1 e8 03 42
[ 72.823127][ T8477] RSP: 0018:ffffc900016dfdb0 EFLAGS: 00010287
[ 72.829214][ T8477] RAX: 0000000000000146 RBX: ffff888014b3b840 RCX: 0000000000000000
[ 72.837206][ T8477] RDX: ffff888021f80000 RSI: ffffffff815cebe5 RDI: fffff520002dbf91
[ 72.845200][ T8477] RBP: ffff88802ffd0128 R08: 0000000000000146 R09: 0000000000000000
[ 72.853191][ T8477] R10: ffffffff815c8a2e R11: 0000000000000000 R12: ffff88802ffd0108
[ 72.861182][ T8477] R13: 000000001ef85fb2 R14: dffffc0000000000 R15: 0000000000000000
[ 72.871000][ T8477] FS:  00007f3e1fa2e8c0(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 72.879953][ T8477] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.886551][ T8477] CR2: 000055bd37934070 CR3: 0000000025181000 CR4: 00000000001506e0
[ 72.894521][ T8477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 72.902478][ T8477] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 72.910435][ T8477] Call Trace:
[ 72.913725][ T8477]  __do_munmap+0x512/0x11a0
[ 72.918228][ T8477]  __vm_munmap+0x101/0x230
[ 72.922631][ T8477]  ? __do_sys_remap_file_pages+0x710/0x710
[ 72.928448][ T8477]  __x64_sys_munmap+0x62/0x80
[ 72.933175][ T8477]  do_syscall_64+0x3a/0xb0
[ 72.937598][ T8477]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.943483][ T8477] RIP: 0033:0x7f3e1e8a96e7
[ 72.947887][ T8477] Code: c7 c0 ff ff ff ff eb 8d 48 8b 15 ac 47 2b 00 f7 d8 64 89 02 e9 5b ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 47 2b 00 f7 d8 64 89 01 48
[ 72.967582][ T8477] RSP: 002b:00007ffd3884d2a8 EFLAGS: 00000206 ORIG_RAX: 000000000000000b
[ 72.976005][ T8477] RAX: ffffffffffffffda RBX: 000055bd3791e100 RCX: 00007f3e1e8a96e7
[ 72.983971][ T8477] RDX: 0000000000000080 RSI: 000000000080ccec RDI: 00007f3e1d737000
[ 72.991943][ T8477] RBP: 000055bd35c31d18 R08: 000055bd3791f3e0 R09: 0000000000000000
[ 72.999903][ T8477] R10: 00000000ffffffff R11: 0000000000000206 R12: 000055bd3791e0e0
2021/04/26 06:21:23 fetching corpus: 50, signal 58535/62038 (executing program)
[ 73.007863][ T8477] R13: 0000000000000000 R14: 0000000000000003 R15: 000000000000000e
[ 73.015829][ T8477] Modules linked in:
[ 73.021990][ T8477] ---[ end trace c184e00d43da52e7 ]---
[ 73.027483][ T8477] RIP: 0010:validate_mm_rb+0x1d6/0x2d0
[ 73.033534][ T8477] Code: 4c 0f 42 e8 e8 fb da c9 ff 4c 89 ee 4c 89 ff e8 30 e1 c9 ff 4d 39 ef 0f 84 70 fe ff ff e8 e2 da c9 ff 4c 89 e7 e8 81 7d 29 07 <0f> 0b 49 89 c5 e8 d0 da c9 ff 48 8d 7d f8 48 89 f8 48 c1 e8 03 42
[ 73.054511][ T8477] RSP: 0018:ffffc900016dfdb0 EFLAGS: 00010287
[ 73.061667][ T8477] RAX: 0000000000000146 RBX: ffff888014b3b840 RCX: 0000000000000000
[ 73.072243][ T8477] RDX: ffff888021f80000 RSI: ffffffff815cebe5 RDI: fffff520002dbf91
[ 73.080559][    C0] ==================================================================
[ 73.080573][    C0] BUG: KASAN: use-after-free in skb_try_coalesce+0xb77/0x1440
[ 73.080612][    C0] Write of size 32 at addr ffff888012b67fec by task systemd-udevd/8477
[ 73.080630][    C0]
[ 73.080636][    C0] CPU: 0 PID: 8477 Comm: systemd-udevd Tainted: G      D           5.12.0-rc8-next-20210423-syzkaller #0
[ 73.080654][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 73.080665][    C0] Call Trace:
[ 73.080669][    C0]  <IRQ>
[ 73.080675][    C0]  dump_stack+0x141/0x1d7
[ 73.080699][    C0]  ? skb_try_coalesce+0xb77/0x1440
[ 73.080717][    C0]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 73.080747][    C0]  ? skb_try_coalesce+0xb77/0x1440
[ 73.080768][    C0]  ? skb_try_coalesce+0xb77/0x1440
[ 73.080791][    C0]  kasan_report.cold+0x7c/0xd8
[ 73.080808][    C0]  ? kmem_cache_free+0x51/0x750
[ 73.080833][    C0]  ? skb_try_coalesce+0xb77/0x1440
[ 73.080851][    C0]  kasan_check_range+0x13d/0x180
[ 73.080871][    C0]  memcpy+0x39/0x60
[ 73.080886][    C0]  skb_try_coalesce+0xb77/0x1440
[ 73.080906][    C0]  ? __sk_mem_raise_allocated+0x70f/0x1320
[ 73.080928][    C0]  tcp_try_coalesce+0x393/0x920
[ 73.080952][    C0]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.080979][    C0]  ? tcp_urg.part.0+0x2d0/0x2d0
[ 73.080999][    C0]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.081019][    C0]  ? tcp_try_rmem_schedule+0x98b/0x16d0
[ 73.081043][    C0]  tcp_queue_rcv+0x8a/0x6e0
[ 73.081062][    C0]  tcp_data_queue+0x150a/0x4b10
[ 73.081078][    C0]  ? lock_acquire+0x58a/0x740
[ 73.081102][    C0]  ? rcu_read_lock_sched_held+0xd/0x70
[ 73.081126][    C0]  ? tcp_data_ready+0x540/0x540
[ 73.081141][    C0]  ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 73.081160][    C0]  ? ktime_get+0x30b/0x470
[ 73.081184][    C0]  tcp_rcv_established+0x841/0x1eb0
[ 73.081203][    C0]  ? tcp_data_queue+0x4b10/0x4b10
[ 73.081222][    C0]  ? do_raw_spin_lock+0x120/0x2b0
[ 73.081240][    C0]  tcp_v4_do_rcv+0x5d1/0x870
[ 73.081262][    C0]  tcp_v4_rcv+0x3298/0x3950
[ 73.081294][    C0]  ? tcp_v4_early_demux+0x8f0/0x8f0
[ 73.081317][    C0]  ? lock_release+0x720/0x720
[ 73.081338][    C0]  ? nf_hook.constprop.0+0x3e8/0x650
[ 73.081361][    C0]  ? ip_protocol_deliver_rcu+0xa20/0xa20
[ 73.081382][    C0]  ip_protocol_deliver_rcu+0xa7/0xa20
[ 73.081407][    C0]  ip_local_deliver_finish+0x20a/0x370
[ 73.081432][    C0]  ip_local_deliver+0x1b3/0x200
[ 73.081450][    C0]  ip_sublist_rcv_finish+0x9a/0x2c0
[ 73.081470][    C0]  ip_list_rcv_finish.constprop.0+0x51e/0x6e0
[ 73.081493][    C0]  ? ip_rcv_finish_core.constprop.0+0x1e80/0x1e80
[ 73.081513][    C0]  ? ip_list_rcv_finish.constprop.0+0x6e0/0x6e0
[ 73.081539][    C0]  ? ip_rcv_core+0x867/0xcb0
[ 73.081557][    C0]  ip_list_rcv+0x34e/0x490
[ 73.081579][    C0]  ? ip_rcv+0xd0/0xd0
[ 73.081602][    C0]  ? ip_rcv+0xd0/0xd0
[ 73.081621][    C0]  __netif_receive_skb_list_core+0x549/0x8e0
[ 73.081647][    C0]  ? lock_acquire+0x58a/0x740
[ 73.081665][    C0]  ? process_backlog+0x6c0/0x6c0
[ 73.081683][    C0]  ? ktime_get_with_offset+0x3f2/0x500
[ 73.081704][    C0]  netif_receive_skb_list_internal+0x75e/0xd80
[ 73.081723][    C0]  ? __netif_receive_skb_list_core+0x8e0/0x8e0
[ 73.081745][    C0]  ? virtqueue_get_buf_ctx_split+0x423/0x5f0
[ 73.081769][    C0]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 73.081795][    C0]  ? detach_buf_split+0x599/0x7b0
[ 73.081816][    C0]  ? __sanitizer_cov_trace_cmp2+0x22/0x80
[ 73.081842][    C0]  napi_complete_done+0x1f1/0x880
[ 73.081860][    C0]  virtnet_poll+0xbeb/0x1180
[ 73.081887][    C0]  ? receive_buf+0x6250/0x6250
[ 73.081908][    C0]  ? __common_interrupt+0x9d/0x210
[ 73.081931][    C0]  ? lock_downgrade+0x6e0/0x6e0
[ 73.081956][    C0]  __napi_poll+0xaf/0x440
[ 73.081972][    C0]  net_rx_action+0x801/0xb40
[ 73.081990][    C0]  ? napi_threaded_poll+0x5b0/0x5b0
[ 73.082009][    C0]  ? asm_common_interrupt+0x1e/0x40
[ 73.082036][    C0]  __do_softirq+0x29b/0x9fe
[ 73.082055][    C0]  __irq_exit_rcu+0x136/0x200
[ 73.082076][    C0]  irq_exit_rcu+0x5/0x20
[ 73.082091][    C0]  common_interrupt+0xa4/0xd0
[ 73.082116][    C0]  </IRQ>
[ 73.082122][    C0]  asm_common_interrupt+0x1e/0x40
[ 73.082138][    C0] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
[ 73.082160][    C0] Code: f0 4d 89 03 e9 f2 fc ff ff b9 ff ff ff ff ba 08 00 00 00 4d 8b 03 48 0f bd ca 49 8b 45 00 48 63 c9 e9 64 ff ff ff 0f 1f 40 00 <65> 8b 05 49 f6 8c 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b
[ 73.082177][    C0] RSP: 0018:ffffc900016df8f8 EFLAGS: 00000293
[ 73.082194][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 73.082206][    C0] RDX: ffff888021f80000 RSI: ffffffff815cb983 RDI: 0000000000000003
[ 73.082217][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 73.082226][    C0] R10: ffffffff815cb979 R11: 0000000000000000 R12: ffffffff84b9fcf0
[ 73.082237][    C0] R13: 0000000000000200 R14: dffffc0000000000 R15: ffffc900016df958
[ 73.082248][    C0]  ? loopback_xmit+0x630/0x630
[ 73.082266][    C0]  ? console_unlock+0x7b9/0xc40
[ 73.082290][    C0]  ? console_unlock+0x7c3/0xc40
[ 73.082311][    C0]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 73.082334][    C0]  console_unlock+0x7c9/0xc40
[ 73.082359][    C0]  ? devkmsg_read+0x7d0/0x7d0
[ 73.082376][    C0]  ? lock_acquire+0x58a/0x740
[ 73.082394][    C0]  ? lock_release+0x720/0x720
[ 73.082417][    C0]  ? rwlock_bug.part.0+0x90/0x90
[ 73.082433][    C0]  ? vprintk+0x8d/0x260
[ 73.082452][    C0]  vprintk_emit+0x1ca/0x560
[ 73.082474][    C0]  vprintk+0x8d/0x260
[ 73.082492][    C0]  printk+0xba/0xed
[ 73.082512][    C0]  ? record_print_text.cold+0x16/0x16
[ 73.082535][    C0]  ? validate_mm_rb+0x1ac/0x2d0
[ 73.082555][    C0]  ? show_opcodes.cold+0x1c/0x21
[ 73.082578][    C0]  ? vprintk+0x95/0x260
[ 73.082600][    C0]  ? vprintk+0x95/0x260
[ 73.082616][    C0]  __show_regs.cold+0x106/0x508
[ 73.082632][    C0]  oops_end+0x76/0xf0
[ 73.082646][    C0]  do_trap+0x1ad/0x290
[ 73.082658][    C0]  ? validate_mm_rb+0x1d6/0x2d0
[ 73.082673][    C0]  ? validate_mm_rb+0x1d6/0x2d0
[ 73.082686][    C0]  do_error_trap+0xb1/0x160
[ 73.082699][    C0]  ? validate_mm_rb+0x1d6/0x2d0
[ 73.082713][    C0]  handle_invalid_op+0x2c/0x30
[ 73.082726][    C0]  ? validate_mm_rb+0x1d6/0x2d0
[ 73.082739][    C0]  exc_invalid_op+0x2b/0x40
[ 73.082755][    C0]  asm_exc_invalid_op+0x12/0x20
[ 73.082769][    C0] RIP: 0010:validate_mm_rb+0x1d6/0x2d0
[ 73.082784][    C0] Code: 4c 0f 42 e8 e8 fb da c9 ff 4c 89 ee 4c 89 ff e8 30 e1 c9 ff 4d 39 ef 0f 84 70 fe ff ff e8 e2 da c9 ff 4c 89 e7 e8 81 7d 29 07 <0f> 0b 49 89 c5 e8 d0 da c9 ff 48 8d 7d f8 48 89 f8 48 c1 e8 03 42
[ 73.082796][    C0] RSP: 0018:ffffc900016dfdb0 EFLAGS: 00010287
[ 73.082807][    C0] RAX: 0000000000000146 RBX: ffff888014b3b840 RCX: 0000000000000000
[ 73.082816][    C0] RDX: ffff888021f80000 RSI: ffffffff815cebe5 RDI: fffff520002dbf91
[ 73.082826][    C0] RBP: ffff88802ffd0128 R08: 0000000000000146 R09: 0000000000000000
[ 73.082834][    C0] R10: ffffffff815c8a2e R11: 0000000000000000 R12: ffff88802ffd0108
[ 73.082847][    C0] R13: 000000001ef85fb2 R14: dffffc0000000000 R15: 0000000000000000
[ 73.082857][    C0]  ? wake_up_klogd.part.0+0x8e/0xd0
[ 73.082874][    C0]  ? vprintk+0x95/0x260
[ 73.082891][    C0]  __do_munmap+0x512/0x11a0
[ 73.082907][    C0]  __vm_munmap+0x101/0x230
[ 73.082921][    C0]  ? __do_sys_remap_file_pages+0x710/0x710
[ 73.082941][    C0]  __x64_sys_munmap+0x62/0x80
[ 73.082956][    C0]  do_syscall_64+0x3a/0xb0
[ 73.082971][    C0]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 73.082987][    C0] RIP: 0033:0x7f3e1e8a96e7
[ 73.082999][    C0] Code: c7 c0 ff ff ff ff eb 8d 48 8b 15 ac 47 2b 00 f7 d8 64 89 02 e9 5b ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 47 2b 00 f7 d8 64 89 01 48
[ 73.083012][    C0] RSP: 002b:00007ffd3884d2a8 EFLAGS: 00000206 ORIG_RAX: 000000000000000b
[ 73.083026][    C0] RAX: ffffffffffffffda RBX: 000055bd3791e100 RCX: 00007f3e1e8a96e7
[ 73.083035][    C0] RDX: 0000000000000080 RSI: 000000000080ccec RDI: 00007f3e1d737000
[ 73.083044][    C0] RBP: 000055bd35c31d18 R08: 000055bd3791f3e0 R09: 0000000000000000
[ 73.083053][    C0] R10: 00000000ffffffff R11: 0000000000000206 R12: 000055bd3791e0e0
[ 73.083061][    C0] R13: 0000000000000000 R14: 0000000000000003 R15: 000000000000000e
[ 73.083073][    C0]
[ 73.083076][    C0] The buggy address belongs to the page:
[ 73.083082][    C0] page:ffffea00004ad800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12b60
[ 73.083097][    C0] head:ffffea00004ad800 order:3 compound_mapcount:0 compound_pincount:0
[ 73.083107][    C0] flags: 0xfff00000010000(head|node=0|zone=1|lastcpupid=0x7ff)
[ 73.083129][    C0] raw: 00fff00000010000 0000000000000000 dead000000000122 0000000000000000
[ 73.083142][    C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 73.083149][    C0] page dumped because: kasan: bad access detected
[ 73.083154][    C0]
[ 73.083157][    C0] Memory state around the buggy address:
[ 73.083163][    C0]  ffff888012b67f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 73.083172][    C0]  ffff888012b67f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 73.083181][    C0] >ffff888012b68000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.083188][    C0]                    ^
[ 73.083194][    C0]  ffff888012b68080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.083203][    C0]  ffff888012b68100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.083210][    C0] ==================================================================
[ 73.083274][    C0] Kernel panic - not syncing: panic_on_warn set ...
[ 73.083918][    C0] Kernel Offset: disabled
[ 74.001637][    C0] Rebooting in 86400 seconds..