Warning: Permanently added '10.128.0.180' (ECDSA) to the list of known hosts.
2020/07/30 08:37:18 parsed 1 programs
2020/07/30 08:37:19 executed programs: 0
syzkaller login: [ 869.779318] audit: type=1400 audit(1596098239.155:8): avc: denied { execmem } for pid=6385 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 870.035941] IPVS: ftp: loaded support on port[0] = 21
[ 870.852177] chnl_net:caif_netlink_parms(): no params data found
[ 870.971942] bridge0: port 1(bridge_slave_0) entered blocking state
[ 870.978894] bridge0: port 1(bridge_slave_0) entered disabled state
[ 870.987741] device bridge_slave_0 entered promiscuous mode
[ 870.995649] bridge0: port 2(bridge_slave_1) entered blocking state
[ 871.002071] bridge0: port 2(bridge_slave_1) entered disabled state
[ 871.010207] device bridge_slave_1 entered promiscuous mode
[ 871.026879] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 871.037311] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 871.055794] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 871.063957] team0: Port device team_slave_0 added
[ 871.070221] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 871.077712] team0: Port device team_slave_1 added
[ 871.093232] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 871.099575] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 871.125840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 871.137564] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 871.143822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 871.169108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 871.179775] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 871.187511] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 871.237295] device hsr_slave_0 entered promiscuous mode
[ 871.294988] device hsr_slave_1 entered promiscuous mode
[ 871.335299] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 871.342424] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 871.404459] bridge0: port 2(bridge_slave_1) entered blocking state
[ 871.411761] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 871.418848] bridge0: port 1(bridge_slave_0) entered blocking state
[ 871.425330] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 871.457542] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 871.463649] 8021q: adding VLAN 0 to HW filter on device bond0
[ 871.473557] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 871.482725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 871.502526] bridge0: port 1(bridge_slave_0) entered disabled state
[ 871.509869] bridge0: port 2(bridge_slave_1) entered disabled state
[ 871.520967] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 871.527183] 8021q: adding VLAN 0 to HW filter on device team0
[ 871.536002] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 871.543704] bridge0: port 1(bridge_slave_0) entered blocking state
[ 871.550128] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 871.559311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 871.567252] bridge0: port 2(bridge_slave_1) entered blocking state
[ 871.573610] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 871.593566] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 871.603493] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 871.615343] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 871.622202] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 871.630569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 871.639526] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 871.647373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 871.662774] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 871.669797] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 871.681874] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 871.691371] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 871.698330] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 871.708821] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 871.764595] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 871.774415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 871.803027] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 871.811094] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 871.819130] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 871.828552] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 871.835862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 871.843342] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 871.850514] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 871.859642] device veth0_vlan entered promiscuous mode
[ 871.868965] device veth1_vlan entered promiscuous mode
[ 871.882618] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 871.891410] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[ 871.898627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 871.912957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 871.924116] device veth0_macvtap entered promiscuous mode
[ 871.930949] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 871.940043] device veth1_macvtap entered promiscuous mode
[ 871.947005] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[ 871.955672] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 871.964482] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 871.974580] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 871.982358] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 871.989531] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 871.997182] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 872.004199] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 872.012558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 872.023352] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 872.030556] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 872.037692] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 872.045776] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2020/07/30 08:37:24 executed programs: 88
2020/07/30 08:37:29 executed programs: 367
2020/07/30 08:37:34 executed programs: 639
2020/07/30 08:37:39 executed programs: 1100
2020/07/30 08:37:44 executed programs: 1592
2020/07/30 08:37:49 executed programs: 2078
2020/07/30 08:37:54 executed programs: 2566
2020/07/30 08:37:59 executed programs: 3044
2020/07/30 08:38:04 executed programs: 3526
2020/07/30 08:38:09 executed programs: 4006
[ 922.036196] NOHZ: local_softirq_pending 08
[ 922.040745] NOHZ: local_softirq_pending 08
2020/07/30 08:38:14 executed programs: 4491
2020/07/30 08:38:19 executed programs: 4972
2020/07/30 08:38:24 executed programs: 5458
2020/07/30 08:38:29 executed programs: 5948
2020/07/30 08:38:34 executed programs: 6425
2020/07/30 08:38:39 executed programs: 6896
2020/07/30 08:38:44 executed programs: 7379
2020/07/30 08:38:49 executed programs: 7855
2020/07/30 08:38:54 executed programs: 8337
2020/07/30 08:38:59 executed programs: 8810
2020/07/30 08:39:04 executed programs: 9293
2020/07/30 08:39:09 executed programs: 9778
2020/07/30 08:39:14 executed programs: 10275
2020/07/30 08:39:19 executed programs: 10751
2020/07/30 08:39:24 executed programs: 11222
2020/07/30 08:39:29 executed programs: 11687
2020/07/30 08:39:34 executed programs: 12150
2020/07/30 08:39:39 executed programs: 12609
2020/07/30 08:39:44 executed programs: 13094
[ 1019.347863] ==================================================================
[ 1019.355410] BUG: KASAN: double-free or invalid-free in 0x2
[ 1019.361042]
[ 1019.362656] CPU: 1 PID: 15604 Comm: syz-executor.0 Not tainted 4.14.190-syzkaller #0
[ 1019.370563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1019.379915] Call Trace:
[ 1019.382602] dump_stack+0x1b2/0x283
[ 1019.386280] print_address_description.cold+0x54/0x1d3
[ 1019.391566] kasan_report_double_free+0x51/0x80
[ 1019.397199] kasan_slab_free+0x16f/0x1a0
[ 1019.401470] ? rwsem_optimistic_spin+0x15d/0x3f0
[ 1019.406260] ? trace_hardirqs_on+0x10/0x10
[ 1019.410573] ? debug_check_no_obj_freed+0x2c0/0x674
[ 1019.415587] ? lock_acquire+0x170/0x3f0
[ 1019.419557] ? lock_downgrade+0x740/0x740
[ 1019.423745] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 1019.428857] ? debug_check_no_obj_freed+0x2c0/0x674
[ 1019.437652] ? debug_object_activate+0x490/0x490
[ 1019.443175] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 1019.448683] ? snd_seq_port_disconnect+0x3f1/0x500
[ 1019.453599] kfree+0xc9/0x250
[ 1019.456691] snd_seq_port_disconnect+0x3f1/0x500
[ 1019.461454] ? check_subscription_permission.isra.0+0x112/0x1e0
[ 1019.467678] snd_seq_ioctl_unsubscribe_port+0x1d4/0x370
[ 1019.473046] ? snd_seq_ioctl_running_mode+0x140/0x140
[ 1019.478221] ? lock_acquire+0x170/0x3f0
[ 1019.482196] ? lock_downgrade+0x740/0x740
[ 1019.486327] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 1019.491426] snd_seq_kernel_client_ctl+0xcb/0x110
[ 1019.496311] snd_seq_oss_midi_close+0x29c/0x400
[ 1019.500983] ? snd_seq_oss_midi_open_all+0xc0/0xc0
[ 1019.505894] ? snd_seq_oss_midi_reset+0xb9/0x400
[ 1019.510702] snd_seq_oss_synth_reset+0x39d/0x830
[ 1019.515460] ? snd_seq_oss_synth_cleanup+0x460/0x460
[ 1019.520575] ? __lock_acquire+0x5fc/0x3f20
[ 1019.524797] ? trace_hardirqs_on+0x10/0x10
[ 1019.529056] snd_seq_oss_reset+0x64/0x250
[ 1019.533247] snd_seq_oss_ioctl+0x9a5/0xc30
[ 1019.537477] ? snd_seq_oss_midi_info_user+0xf0/0xf0
[ 1019.542544] ? futex_exit_release+0x220/0x220
[ 1019.547025] ? debug_check_no_obj_freed+0x2c0/0x674
[ 1019.552031] odev_ioctl+0x4f/0x90
[ 1019.555468] ? odev_open+0x80/0x80
[ 1019.559051] do_vfs_ioctl+0x75a/0xff0
[ 1019.562876] ? selinux_inode_setxattr+0x730/0x730
[ 1019.567701] ? ioctl_preallocate+0x1a0/0x1a0
[ 1019.572129] ? lock_downgrade+0x740/0x740
[ 1019.576309] ? __fget+0x225/0x360
[ 1019.579780] ? security_file_ioctl+0x83/0xb0
[ 1019.584179] SyS_ioctl+0x7f/0xb0
[ 1019.587534] ? do_vfs_ioctl+0xff0/0xff0
[ 1019.591517] do_syscall_64+0x1d5/0x640
[ 1019.595394] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1019.600841] RIP: 0033:0x45c429
[ 1019.604014] RSP: 002b:00007f201b4d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1019.612420] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045c429
[ 1019.619681] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 1019.626944] RBP: 000000000078bf38 R08: 0000000000000000 R09: 0000000000000000
[ 1019.634216] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[ 1019.641487] R13: 00007ffd8c30f55f R14: 00007f201b4d19c0 R15: 000000000078bf0c
[ 1019.648750]
[ 1019.650358] Allocated by task 15604:
[ 1019.654051] kasan_kmalloc+0xeb/0x160
[ 1019.657833] kmem_cache_alloc_trace+0x131/0x3d0
[ 1019.662481] snd_seq_port_connect+0x5d/0x4d0
[ 1019.666887] snd_seq_ioctl_subscribe_port+0x1d4/0x370
[ 1019.672079] snd_seq_kernel_client_ctl+0xcb/0x110
[ 1019.676917] snd_seq_oss_midi_open+0x485/0x590
[ 1019.681478] snd_seq_oss_synth_setup_midi+0x104/0x4d0
[ 1019.686664] snd_seq_oss_open+0x7a0/0x920
[ 1019.690802] odev_open+0x62/0x80
[ 1019.694206] soundcore_open+0x3ee/0x5a0
[ 1019.698164] chrdev_open+0x23c/0x6d0
[ 1019.701913] do_dentry_open+0x44b/0xec0
[ 1019.705931] vfs_open+0x105/0x220
[ 1019.709379] path_openat+0x628/0x2970
[ 1019.718746] do_filp_open+0x179/0x3c0
[ 1019.722547] do_sys_open+0x296/0x410
[ 1019.726242] do_syscall_64+0x1d5/0x640
[ 1019.731425] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1019.736605]
[ 1019.738225] Freed by task 15605:
[ 1019.742285] kasan_slab_free+0xc3/0x1a0
[ 1019.746255] kfree+0xc9/0x250
[ 1019.749352] snd_seq_port_disconnect+0x3f1/0x500
[ 1019.754101] snd_seq_ioctl_unsubscribe_port+0x1d4/0x370
[ 1019.759462] snd_seq_kernel_client_ctl+0xcb/0x110
[ 1019.764301] snd_seq_oss_midi_close+0x29c/0x400
[ 1019.768964] snd_seq_oss_synth_reset+0x39d/0x830
[ 1019.774580] snd_seq_oss_reset+0x64/0x250
[ 1019.778725] snd_seq_oss_ioctl+0x9a5/0xc30
[ 1019.783631] odev_ioctl+0x4f/0x90
[ 1019.787063] do_vfs_ioctl+0x75a/0xff0
[ 1019.790850] SyS_ioctl+0x7f/0xb0
[ 1019.794200] do_syscall_64+0x1d5/0x640
[ 1019.798069] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1019.803236]
[ 1019.804869] The buggy address belongs to the object at ffff8880a012f6c0
[ 1019.804869] which belongs to the cache kmalloc-128 of size 128
[ 1019.817517] The buggy address is located 0 bytes inside of
[ 1019.817517] 128-byte region [ffff8880a012f6c0, ffff8880a012f740)
[ 1019.829259] The buggy address belongs to the page:
[ 1019.834298] page:ffffea0002804bc0 count:1 mapcount:0 mapping:ffff8880a012f000 index:0x0
[ 1019.842443] flags: 0xfffe0000000100(slab)
[ 1019.846578] raw: 00fffe0000000100 ffff8880a012f000 0000000000000000 0000000100000015
[ 1019.854442] raw: ffffea000282f1a0 ffffea000235b2a0 ffff88812fe52640 0000000000000000
[ 1019.862423] page dumped because: kasan: bad access detected
[ 1019.868307]
[ 1019.869918] Memory state around the buggy address:
[ 1019.874843] ffff8880a012f580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 1019.882215] ffff8880a012f600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1019.889581] >ffff8880a012f680: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 1019.896934] ^
[ 1019.902373] ffff8880a012f700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 1019.909897] ffff8880a012f780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1019.917244] ==================================================================
[ 1019.925556] Disabling lock debugging due to kernel taint
[ 1019.931001] Kernel panic - not syncing: panic_on_warn set ...
[ 1019.931001]
[ 1019.938359] CPU: 1 PID: 15604 Comm: syz-executor.0 Tainted: G B 4.14.190-syzkaller #0
[ 1019.947449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1019.956805] Call Trace:
[ 1019.959450] dump_stack+0x1b2/0x283
[ 1019.963183] panic+0x1f9/0x42d
[ 1019.966462] ? add_taint.cold+0x16/0x16
[ 1019.970420] ? lock_downgrade+0x740/0x740
[ 1019.974560] kasan_end_report+0x43/0x49
[ 1019.978551] kasan_report_double_free+0x6d/0x80
[ 1019.983225] kasan_slab_free+0x16f/0x1a0
[ 1019.987267] ? rwsem_optimistic_spin+0x15d/0x3f0
[ 1019.992007] ? trace_hardirqs_on+0x10/0x10
[ 1019.996244] ? debug_check_no_obj_freed+0x2c0/0x674
[ 1020.001243] ? lock_acquire+0x170/0x3f0
[ 1020.005196] ? lock_downgrade+0x740/0x740
[ 1020.009347] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 1020.014447] ? debug_check_no_obj_freed+0x2c0/0x674
[ 1020.019458] ? debug_object_activate+0x490/0x490
[ 1020.024191] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 1020.029637] ? snd_seq_port_disconnect+0x3f1/0x500
[ 1020.034562] kfree+0xc9/0x250
[ 1020.037745] snd_seq_port_disconnect+0x3f1/0x500
[ 1020.043001] ? check_subscription_permission.isra.0+0x112/0x1e0
[ 1020.049072] snd_seq_ioctl_unsubscribe_port+0x1d4/0x370
[ 1020.054777] ? snd_seq_ioctl_running_mode+0x140/0x140
[ 1020.060134] ? lock_acquire+0x170/0x3f0
[ 1020.064101] ? lock_downgrade+0x740/0x740
[ 1020.069041] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 1020.074132] snd_seq_kernel_client_ctl+0xcb/0x110
[ 1020.078959] snd_seq_oss_midi_close+0x29c/0x400
[ 1020.084737] ? snd_seq_oss_midi_open_all+0xc0/0xc0
[ 1020.089656] ? snd_seq_oss_midi_reset+0xb9/0x400
[ 1020.094394] snd_seq_oss_synth_reset+0x39d/0x830
[ 1020.099145] ? snd_seq_oss_synth_cleanup+0x460/0x460
[ 1020.104247] ? __lock_acquire+0x5fc/0x3f20
[ 1020.108462] ? trace_hardirqs_on+0x10/0x10
[ 1020.112678] snd_seq_oss_reset+0x64/0x250
[ 1020.116812] snd_seq_oss_ioctl+0x9a5/0xc30
[ 1020.121024] ? snd_seq_oss_midi_info_user+0xf0/0xf0
[ 1020.126034] ? futex_exit_release+0x220/0x220
[ 1020.130517] ? debug_check_no_obj_freed+0x2c0/0x674
[ 1020.135519] odev_ioctl+0x4f/0x90
[ 1020.138960] ? odev_open+0x80/0x80
[ 1020.142488] do_vfs_ioctl+0x75a/0xff0
[ 1020.146269] ? selinux_inode_setxattr+0x730/0x730
[ 1020.151096] ? ioctl_preallocate+0x1a0/0x1a0
[ 1020.155485] ? lock_downgrade+0x740/0x740
[ 1020.159627] ? __fget+0x225/0x360
[ 1020.163081] ? security_file_ioctl+0x83/0xb0
[ 1020.167472] SyS_ioctl+0x7f/0xb0
[ 1020.170820] ? do_vfs_ioctl+0xff0/0xff0
[ 1020.174785] do_syscall_64+0x1d5/0x640
[ 1020.178661] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 1020.183847] RIP: 0033:0x45c429
[ 1020.187036] RSP: 002b:00007f201b4d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1020.194729] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045c429
[ 1020.202013] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 1020.209265] RBP: 000000000078bf38 R08: 0000000000000000 R09: 0000000000000000
[ 1020.217315] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[ 1020.225956] R13: 00007ffd8c30f55f R14: 00007f201b4d19c0 R15: 000000000078bf0c
[ 1020.234358] Kernel Offset: disabled
[ 1020.237976] Rebooting in 86400 seconds..