[[0;32m  OK  [0m] Started Getty on tty3.
[[0;32m  OK  [0m] Started Getty on tty2.
[[0;32m  OK  [0m] Started Serial Getty on ttyS0.
[[0;32m  OK  [0m] Started Getty on tty1.
[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[[0;32m  OK  [0m] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.61' (ECDSA) to the list of known hosts.
2021/04/26 06:21:22 fuzzer started
2021/04/26 06:21:22 dialing manager at 10.128.0.169:40357
2021/04/26 06:21:22 syscalls: 3560
2021/04/26 06:21:22 code coverage: enabled
2021/04/26 06:21:22 comparison tracing: enabled
2021/04/26 06:21:22 extra coverage: enabled
2021/04/26 06:21:22 setuid sandbox: enabled
2021/04/26 06:21:22 namespace sandbox: enabled
2021/04/26 06:21:22 Android sandbox: /sys/fs/selinux/policy does not exist
2021/04/26 06:21:22 fault injection: enabled
2021/04/26 06:21:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/04/26 06:21:22 net packet injection: enabled
2021/04/26 06:21:22 net device setup: enabled
2021/04/26 06:21:22 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/04/26 06:21:22 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/04/26 06:21:22 USB emulation: enabled
2021/04/26 06:21:22 hci packet injection: enabled
2021/04/26 06:21:22 wifi device emulation: enabled
2021/04/26 06:21:22 802.15.4 emulation: enabled
2021/04/26 06:21:22 fetching corpus: 0, signal 0/2000 (executing program)
syzkaller login: [   72.710763][ T8477] vma ffff88802ffd0108 start 00007f3e1ef87000 end 00007f3e1ef88000
[   72.710763][ T8477] next ffff88802ffd0210 prev ffff88802ffd0000 mm ffff88801ce6b100
[   72.710763][ T8477] prot 8000000000000025 anon_vma ffff888013165d00 vm_ops ffffffff897f8900
[   72.710763][ T8477] pgoff 6 file ffff88801a434000 private_data 0000000000000000
[   72.710763][ T8477] flags: 0x8100071(read|mayread|maywrite|mayexec|account|softdirty)
[   72.751717][ T8477] ------------[ cut here ]------------
[   72.757199][ T8477] kernel BUG at mm/mmap.c:388!
[   72.771950][ T8477] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   72.778071][ T8477] CPU: 1 PID: 8477 Comm: systemd-udevd Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
[   72.787903][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.797983][ T8477] RIP: 0010:validate_mm_rb+0x1d6/0x2d0
[   72.803490][ T8477] Code: 4c 0f 42 e8 e8 fb da c9 ff 4c 89 ee 4c 89 ff e8 30 e1 c9 ff 4d 39 ef 0f 84 70 fe ff ff e8 e2 da c9 ff 4c 89 e7 e8 81 7d 29 07 <0f> 0b 49 89 c5 e8 d0 da c9 ff 48 8d 7d f8 48 89 f8 48 c1 e8 03 42
[   72.823127][ T8477] RSP: 0018:ffffc900016dfdb0 EFLAGS: 00010287
[   72.829214][ T8477] RAX: 0000000000000146 RBX: ffff888014b3b840 RCX: 0000000000000000
[   72.837206][ T8477] RDX: ffff888021f80000 RSI: ffffffff815cebe5 RDI: fffff520002dbf91
[   72.845200][ T8477] RBP: ffff88802ffd0128 R08: 0000000000000146 R09: 0000000000000000
[   72.853191][ T8477] R10: ffffffff815c8a2e R11: 0000000000000000 R12: ffff88802ffd0108
[   72.861182][ T8477] R13: 000000001ef85fb2 R14: dffffc0000000000 R15: 0000000000000000
[   72.871000][ T8477] FS:  00007f3e1fa2e8c0(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[   72.879953][ T8477] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.886551][ T8477] CR2: 000055bd37934070 CR3: 0000000025181000 CR4: 00000000001506e0
[   72.894521][ T8477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   72.902478][ T8477] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   72.910435][ T8477] Call Trace:
[   72.913725][ T8477]  __do_munmap+0x512/0x11a0
[   72.918228][ T8477]  __vm_munmap+0x101/0x230
[   72.922631][ T8477]  ? __do_sys_remap_file_pages+0x710/0x710
[   72.928448][ T8477]  __x64_sys_munmap+0x62/0x80
[   72.933175][ T8477]  do_syscall_64+0x3a/0xb0
[   72.937598][ T8477]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   72.943483][ T8477] RIP: 0033:0x7f3e1e8a96e7
[   72.947887][ T8477] Code: c7 c0 ff ff ff ff eb 8d 48 8b 15 ac 47 2b 00 f7 d8 64 89 02 e9 5b ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 47 2b 00 f7 d8 64 89 01 48
[   72.967582][ T8477] RSP: 002b:00007ffd3884d2a8 EFLAGS: 00000206 ORIG_RAX: 000000000000000b
[   72.976005][ T8477] RAX: ffffffffffffffda RBX: 000055bd3791e100 RCX: 00007f3e1e8a96e7
[   72.983971][ T8477] RDX: 0000000000000080 RSI: 000000000080ccec RDI: 00007f3e1d737000
[   72.991943][ T8477] RBP: 000055bd35c31d18 R08: 000055bd3791f3e0 R09: 0000000000000000
[   72.999903][ T8477] R10: 00000000ffffffff R11: 0000000000000206 R12: 000055bd3791e0e0
2021/04/26 06:21:23 fetching corpus: 50, signal 58535/62038 (executing program)
[   73.007863][ T8477] R13: 0000000000000000 R14: 0000000000000003 R15: 000000000000000e
[   73.015829][ T8477] Modules linked in:
[   73.021990][ T8477] ---[ end trace c184e00d43da52e7 ]---
[   73.027483][ T8477] RIP: 0010:validate_mm_rb+0x1d6/0x2d0
[   73.033534][ T8477] Code: 4c 0f 42 e8 e8 fb da c9 ff 4c 89 ee 4c 89 ff e8 30 e1 c9 ff 4d 39 ef 0f 84 70 fe ff ff e8 e2 da c9 ff 4c 89 e7 e8 81 7d 29 07 <0f> 0b 49 89 c5 e8 d0 da c9 ff 48 8d 7d f8 48 89 f8 48 c1 e8 03 42
[   73.054511][ T8477] RSP: 0018:ffffc900016dfdb0 EFLAGS: 00010287
[   73.061667][ T8477] RAX: 0000000000000146 RBX: ffff888014b3b840 RCX: 0000000000000000
[   73.072243][ T8477] RDX: ffff888021f80000 RSI: ffffffff815cebe5 RDI: fffff520002dbf91
[   73.080559][    C0] ==================================================================
[   73.080573][    C0] BUG: KASAN: use-after-free in skb_try_coalesce+0xb77/0x1440
[   73.080612][    C0] Write of size 32 at addr ffff888012b67fec by task systemd-udevd/8477
[   73.080630][    C0] 
[   73.080636][    C0] CPU: 0 PID: 8477 Comm: systemd-udevd Tainted: G      D           5.12.0-rc8-next-20210423-syzkaller #0
[   73.080654][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   73.080665][    C0] Call Trace:
[   73.080669][    C0]  <IRQ>
[   73.080675][    C0]  dump_stack+0x141/0x1d7
[   73.080699][    C0]  ? skb_try_coalesce+0xb77/0x1440
[   73.080717][    C0]  print_address_description.constprop.0.cold+0x5b/0x2f8
[   73.080747][    C0]  ? skb_try_coalesce+0xb77/0x1440
[   73.080768][    C0]  ? skb_try_coalesce+0xb77/0x1440
[   73.080791][    C0]  kasan_report.cold+0x7c/0xd8
[   73.080808][    C0]  ? kmem_cache_free+0x51/0x750
[   73.080833][    C0]  ? skb_try_coalesce+0xb77/0x1440
[   73.080851][    C0]  kasan_check_range+0x13d/0x180
[   73.080871][    C0]  memcpy+0x39/0x60
[   73.080886][    C0]  skb_try_coalesce+0xb77/0x1440
[   73.080906][    C0]  ? __sk_mem_raise_allocated+0x70f/0x1320
[   73.080928][    C0]  tcp_try_coalesce+0x393/0x920
[   73.080952][    C0]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   73.080979][    C0]  ? tcp_urg.part.0+0x2d0/0x2d0
[   73.080999][    C0]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   73.081019][    C0]  ? tcp_try_rmem_schedule+0x98b/0x16d0
[   73.081043][    C0]  tcp_queue_rcv+0x8a/0x6e0
[   73.081062][    C0]  tcp_data_queue+0x150a/0x4b10
[   73.081078][    C0]  ? lock_acquire+0x58a/0x740
[   73.081102][    C0]  ? rcu_read_lock_sched_held+0xd/0x70
[   73.081126][    C0]  ? tcp_data_ready+0x540/0x540
[   73.081141][    C0]  ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[   73.081160][    C0]  ? ktime_get+0x30b/0x470
[   73.081184][    C0]  tcp_rcv_established+0x841/0x1eb0
[   73.081203][    C0]  ? tcp_data_queue+0x4b10/0x4b10
[   73.081222][    C0]  ? do_raw_spin_lock+0x120/0x2b0
[   73.081240][    C0]  tcp_v4_do_rcv+0x5d1/0x870
[   73.081262][    C0]  tcp_v4_rcv+0x3298/0x3950
[   73.081294][    C0]  ? tcp_v4_early_demux+0x8f0/0x8f0
[   73.081317][    C0]  ? lock_release+0x720/0x720
[   73.081338][    C0]  ? nf_hook.constprop.0+0x3e8/0x650
[   73.081361][    C0]  ? ip_protocol_deliver_rcu+0xa20/0xa20
[   73.081382][    C0]  ip_protocol_deliver_rcu+0xa7/0xa20
[   73.081407][    C0]  ip_local_deliver_finish+0x20a/0x370
[   73.081432][    C0]  ip_local_deliver+0x1b3/0x200
[   73.081450][    C0]  ip_sublist_rcv_finish+0x9a/0x2c0
[   73.081470][    C0]  ip_list_rcv_finish.constprop.0+0x51e/0x6e0
[   73.081493][    C0]  ? ip_rcv_finish_core.constprop.0+0x1e80/0x1e80
[   73.081513][    C0]  ? ip_list_rcv_finish.constprop.0+0x6e0/0x6e0
[   73.081539][    C0]  ? ip_rcv_core+0x867/0xcb0
[   73.081557][    C0]  ip_list_rcv+0x34e/0x490
[   73.081579][    C0]  ? ip_rcv+0xd0/0xd0
[   73.081602][    C0]  ? ip_rcv+0xd0/0xd0
[   73.081621][    C0]  __netif_receive_skb_list_core+0x549/0x8e0
[   73.081647][    C0]  ? lock_acquire+0x58a/0x740
[   73.081665][    C0]  ? process_backlog+0x6c0/0x6c0
[   73.081683][    C0]  ? ktime_get_with_offset+0x3f2/0x500
[   73.081704][    C0]  netif_receive_skb_list_internal+0x75e/0xd80
[   73.081723][    C0]  ? __netif_receive_skb_list_core+0x8e0/0x8e0
[   73.081745][    C0]  ? virtqueue_get_buf_ctx_split+0x423/0x5f0
[   73.081769][    C0]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   73.081795][    C0]  ? detach_buf_split+0x599/0x7b0
[   73.081816][    C0]  ? __sanitizer_cov_trace_cmp2+0x22/0x80
[   73.081842][    C0]  napi_complete_done+0x1f1/0x880
[   73.081860][    C0]  virtnet_poll+0xbeb/0x1180
[   73.081887][    C0]  ? receive_buf+0x6250/0x6250
[   73.081908][    C0]  ? __common_interrupt+0x9d/0x210
[   73.081931][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   73.081956][    C0]  __napi_poll+0xaf/0x440
[   73.081972][    C0]  net_rx_action+0x801/0xb40
[   73.081990][    C0]  ? napi_threaded_poll+0x5b0/0x5b0
[   73.082009][    C0]  ? asm_common_interrupt+0x1e/0x40
[   73.082036][    C0]  __do_softirq+0x29b/0x9fe
[   73.082055][    C0]  __irq_exit_rcu+0x136/0x200
[   73.082076][    C0]  irq_exit_rcu+0x5/0x20
[   73.082091][    C0]  common_interrupt+0xa4/0xd0
[   73.082116][    C0]  </IRQ>
[   73.082122][    C0]  asm_common_interrupt+0x1e/0x40
[   73.082138][    C0] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
[   73.082160][    C0] Code: f0 4d 89 03 e9 f2 fc ff ff b9 ff ff ff ff ba 08 00 00 00 4d 8b 03 48 0f bd ca 49 8b 45 00 48 63 c9 e9 64 ff ff ff 0f 1f 40 00 <65> 8b 05 49 f6 8c 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b
[   73.082177][    C0] RSP: 0018:ffffc900016df8f8 EFLAGS: 00000293
[   73.082194][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   73.082206][    C0] RDX: ffff888021f80000 RSI: ffffffff815cb983 RDI: 0000000000000003
[   73.082217][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   73.082226][    C0] R10: ffffffff815cb979 R11: 0000000000000000 R12: ffffffff84b9fcf0
[   73.082237][    C0] R13: 0000000000000200 R14: dffffc0000000000 R15: ffffc900016df958
[   73.082248][    C0]  ? loopback_xmit+0x630/0x630
[   73.082266][    C0]  ? console_unlock+0x7b9/0xc40
[   73.082290][    C0]  ? console_unlock+0x7c3/0xc40
[   73.082311][    C0]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   73.082334][    C0]  console_unlock+0x7c9/0xc40
[   73.082359][    C0]  ? devkmsg_read+0x7d0/0x7d0
[   73.082376][    C0]  ? lock_acquire+0x58a/0x740
[   73.082394][    C0]  ? lock_release+0x720/0x720
[   73.082417][    C0]  ? rwlock_bug.part.0+0x90/0x90
[   73.082433][    C0]  ? vprintk+0x8d/0x260
[   73.082452][    C0]  vprintk_emit+0x1ca/0x560
[   73.082474][    C0]  vprintk+0x8d/0x260
[   73.082492][    C0]  printk+0xba/0xed
[   73.082512][    C0]  ? record_print_text.cold+0x16/0x16
[   73.082535][    C0]  ? validate_mm_rb+0x1ac/0x2d0
[   73.082555][    C0]  ? show_opcodes.cold+0x1c/0x21
[   73.082578][    C0]  ? vprintk+0x95/0x260
[   73.082600][    C0]  ? vprintk+0x95/0x260
[   73.082616][    C0]  __show_regs.cold+0x106/0x508
[   73.082632][    C0]  oops_end+0x76/0xf0
[   73.082646][    C0]  do_trap+0x1ad/0x290
[   73.082658][    C0]  ? validate_mm_rb+0x1d6/0x2d0
[   73.082673][    C0]  ? validate_mm_rb+0x1d6/0x2d0
[   73.082686][    C0]  do_error_trap+0xb1/0x160
[   73.082699][    C0]  ? validate_mm_rb+0x1d6/0x2d0
[   73.082713][    C0]  handle_invalid_op+0x2c/0x30
[   73.082726][    C0]  ? validate_mm_rb+0x1d6/0x2d0
[   73.082739][    C0]  exc_invalid_op+0x2b/0x40
[   73.082755][    C0]  asm_exc_invalid_op+0x12/0x20
[   73.082769][    C0] RIP: 0010:validate_mm_rb+0x1d6/0x2d0
[   73.082784][    C0] Code: 4c 0f 42 e8 e8 fb da c9 ff 4c 89 ee 4c 89 ff e8 30 e1 c9 ff 4d 39 ef 0f 84 70 fe ff ff e8 e2 da c9 ff 4c 89 e7 e8 81 7d 29 07 <0f> 0b 49 89 c5 e8 d0 da c9 ff 48 8d 7d f8 48 89 f8 48 c1 e8 03 42
[   73.082796][    C0] RSP: 0018:ffffc900016dfdb0 EFLAGS: 00010287
[   73.082807][    C0] RAX: 0000000000000146 RBX: ffff888014b3b840 RCX: 0000000000000000
[   73.082816][    C0] RDX: ffff888021f80000 RSI: ffffffff815cebe5 RDI: fffff520002dbf91
[   73.082826][    C0] RBP: ffff88802ffd0128 R08: 0000000000000146 R09: 0000000000000000
[   73.082834][    C0] R10: ffffffff815c8a2e R11: 0000000000000000 R12: ffff88802ffd0108
[   73.082847][    C0] R13: 000000001ef85fb2 R14: dffffc0000000000 R15: 0000000000000000
[   73.082857][    C0]  ? wake_up_klogd.part.0+0x8e/0xd0
[   73.082874][    C0]  ? vprintk+0x95/0x260
[   73.082891][    C0]  __do_munmap+0x512/0x11a0
[   73.082907][    C0]  __vm_munmap+0x101/0x230
[   73.082921][    C0]  ? __do_sys_remap_file_pages+0x710/0x710
[   73.082941][    C0]  __x64_sys_munmap+0x62/0x80
[   73.082956][    C0]  do_syscall_64+0x3a/0xb0
[   73.082971][    C0]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   73.082987][    C0] RIP: 0033:0x7f3e1e8a96e7
[   73.082999][    C0] Code: c7 c0 ff ff ff ff eb 8d 48 8b 15 ac 47 2b 00 f7 d8 64 89 02 e9 5b ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 47 2b 00 f7 d8 64 89 01 48
[   73.083012][    C0] RSP: 002b:00007ffd3884d2a8 EFLAGS: 00000206 ORIG_RAX: 000000000000000b
[   73.083026][    C0] RAX: ffffffffffffffda RBX: 000055bd3791e100 RCX: 00007f3e1e8a96e7
[   73.083035][    C0] RDX: 0000000000000080 RSI: 000000000080ccec RDI: 00007f3e1d737000
[   73.083044][    C0] RBP: 000055bd35c31d18 R08: 000055bd3791f3e0 R09: 0000000000000000
[   73.083053][    C0] R10: 00000000ffffffff R11: 0000000000000206 R12: 000055bd3791e0e0
[   73.083061][    C0] R13: 0000000000000000 R14: 0000000000000003 R15: 000000000000000e
[   73.083073][    C0] 
[   73.083076][    C0] The buggy address belongs to the page:
[   73.083082][    C0] page:ffffea00004ad800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12b60
[   73.083097][    C0] head:ffffea00004ad800 order:3 compound_mapcount:0 compound_pincount:0
[   73.083107][    C0] flags: 0xfff00000010000(head|node=0|zone=1|lastcpupid=0x7ff)
[   73.083129][    C0] raw: 00fff00000010000 0000000000000000 dead000000000122 0000000000000000
[   73.083142][    C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   73.083149][    C0] page dumped because: kasan: bad access detected
[   73.083154][    C0] 
[   73.083157][    C0] Memory state around the buggy address:
[   73.083163][    C0]  ffff888012b67f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   73.083172][    C0]  ffff888012b67f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   73.083181][    C0] >ffff888012b68000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.083188][    C0]                    ^
[   73.083194][    C0]  ffff888012b68080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.083203][    C0]  ffff888012b68100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.083210][    C0] ==================================================================
[   73.083274][    C0] Kernel panic - not syncing: panic_on_warn set ...
[   73.083918][    C0] Kernel Offset: disabled
[   74.001637][    C0] Rebooting in 86400 seconds..