Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts.
executing program
[ 85.853350][ T26] audit: type=1400 audit(1575552095.710:42): avc: denied { map } for pid=9498 comm="syz-executor675" path="/root/syz-executor675425118" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 85.926991][ T9499] ==================================================================
[ 85.935189][ T9499] BUG: KASAN: slab-out-of-bounds in linear_transfer+0x6de/0x970
[ 85.942796][ T9499] Read of size 1 at addr ffff88808e07c7c0 by task syz-executor675/9499
[ 85.951052][ T9499]
[ 85.953365][ T9499] CPU: 1 PID: 9499 Comm: syz-executor675 Not tainted 5.4.0-syzkaller #0
[ 85.961662][ T9499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 85.971741][ T9499] Call Trace:
[ 85.975014][ T9499] dump_stack+0x197/0x210
[ 85.979322][ T9499] ? linear_transfer+0x6de/0x970
[ 85.984290][ T9499] print_address_description.constprop.0.cold+0xd4/0x30b
[ 85.991317][ T9499] ? linear_transfer+0x6de/0x970
[ 85.996234][ T9499] ? linear_transfer+0x6de/0x970
[ 86.001164][ T9499] __kasan_report.cold+0x1b/0x41
[ 86.006095][ T9499] ? linear_transfer+0x6de/0x970
[ 86.011046][ T9499] kasan_report+0x12/0x20
[ 86.015356][ T9499] check_memory_region+0x134/0x1a0
[ 86.020442][ T9499] memcpy+0x24/0x50
[ 86.024274][ T9499] linear_transfer+0x6de/0x970
[ 86.029031][ T9499] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 86.035311][ T9499] ? snd_pcm_plugin_build_copy+0x410/0x410
[ 86.041121][ T9499] ? io_capture_transfer+0x1fd/0x330
[ 86.046384][ T9499] ? rate_dst_frames+0x2e0/0x2e0
[ 86.051303][ T9499] snd_pcm_plug_read_transfer+0x197/0x2e0
[ 86.057009][ T9499] ? snd_pcm_plug_write_transfer+0x3e0/0x3e0
[ 86.062967][ T9499] ? snd_pcm_format_physical_width+0x75/0x90
[ 86.068928][ T9499] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 86.074629][ T9499] ? snd_pcm_plug_client_channels_buf+0x212/0x450
[ 86.081023][ T9499] snd_pcm_oss_read2+0x1f0/0x3f0
[ 86.085942][ T9499] ? snd_pcm_oss_read3+0x420/0x420
[ 86.091034][ T9499] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 86.097256][ T9499] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 86.103563][ T9499] snd_pcm_oss_read+0x548/0x6a0
[ 86.108400][ T9499] __vfs_read+0x8a/0x110
[ 86.112618][ T9499] ? snd_pcm_oss_read2+0x3f0/0x3f0
[ 86.117710][ T9499] vfs_read+0x1f0/0x440
[ 86.121844][ T9499] ksys_read+0x14f/0x290
[ 86.126064][ T9499] ? kernel_write+0x130/0x130
[ 86.130720][ T9499] ? do_syscall_64+0x26/0x790
[ 86.135377][ T9499] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.141430][ T9499] ? do_syscall_64+0x26/0x790
[ 86.146085][ T9499] __x64_sys_read+0x73/0xb0
[ 86.150579][ T9499] do_syscall_64+0xfa/0x790
[ 86.155063][ T9499] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.160928][ T9499] RIP: 0033:0x445829
[ 86.164800][ T9499] Code: e8 bc b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 86.184386][ T9499] RSP: 002b:00007fadef3c4db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 86.192783][ T9499] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445829
[ 86.200732][ T9499] RDX: 0000000000001000 RSI: 0000000020000380 RDI: 0000000000000003
[ 86.208679][ T9499] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[ 86.216638][ T9499] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac2c
[ 86.224695][ T9499] R13: 00007fff4d55f95f R14: 00007fadef3c59c0 R15: 20c49ba5e353f7cf
[ 86.232651][ T9499]
[ 86.234956][ T9499] Allocated by task 9499:
[ 86.239272][ T9499] save_stack+0x23/0x90
[ 86.243407][ T9499] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 86.249022][ T9499] kasan_kmalloc+0x9/0x10
[ 86.253341][ T9499] __kmalloc_node+0x4e/0x70
[ 86.257824][ T9499] kvmalloc_node+0x68/0x100
[ 86.262319][ T9499] snd_pcm_plugin_alloc+0x585/0x770
[ 86.267502][ T9499] snd_pcm_plug_alloc+0x146/0x330
[ 86.272505][ T9499] snd_pcm_oss_change_params_locked+0x210f/0x3750
[ 86.278893][ T9499] snd_pcm_oss_change_params+0x7b/0xd0
[ 86.284343][ T9499] snd_pcm_oss_get_active_substream+0x136/0x190
[ 86.290577][ T9499] snd_pcm_oss_ioctl+0x1794/0x33a0
[ 86.295722][ T9499] do_vfs_ioctl+0x977/0x14e0
[ 86.300339][ T9499] ksys_ioctl+0xab/0xd0
[ 86.304474][ T9499] __x64_sys_ioctl+0x73/0xb0
[ 86.309059][ T9499] do_syscall_64+0xfa/0x790
[ 86.313544][ T9499] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.319417][ T9499]
[ 86.321739][ T9499] Freed by task 0:
[ 86.325480][ T9499] (stack is not available)
[ 86.329881][ T9499]
[ 86.332188][ T9499] The buggy address belongs to the object at ffff88808e07c780
[ 86.332188][ T9499] which belongs to the cache kmalloc-64 of size 64
[ 86.346045][ T9499] The buggy address is located 0 bytes to the right of
[ 86.346045][ T9499] 64-byte region [ffff88808e07c780, ffff88808e07c7c0)
[ 86.359567][ T9499] The buggy address belongs to the page:
[ 86.365182][ T9499] page:ffffea0002381f00 refcount:1 mapcount:0 mapping:ffff8880aa400380 index:0x0
[ 86.374272][ T9499] raw: 00fffe0000000200 ffffea00024a99c8 ffff8880aa401348 ffff8880aa400380
[ 86.382835][ T9499] raw: 0000000000000000 ffff88808e07c000 0000000100000020 0000000000000000
[ 86.391666][ T9499] page dumped because: kasan: bad access detected
[ 86.398066][ T9499]
[ 86.400374][ T9499] Memory state around the buggy address:
[ 86.405983][ T9499] ffff88808e07c680: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 86.414378][ T9499] ffff88808e07c700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 86.422427][ T9499] >ffff88808e07c780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 86.430467][ T9499] ^
[ 86.436595][ T9499] ffff88808e07c800: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 86.444647][ T9499] ffff88808e07c880: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 86.452697][ T9499] ==================================================================
[ 86.461166][ T9499] Disabling lock debugging due to kernel taint
[ 86.467437][ T9499] Kernel panic - not syncing: panic_on_warn set ...
[ 86.474034][ T9499] CPU: 1 PID: 9499 Comm: syz-executor675 Tainted: G B 5.4.0-syzkaller #0
[ 86.483798][ T9499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.493847][ T9499] Call Trace:
[ 86.497119][ T9499] dump_stack+0x197/0x210
[ 86.501430][ T9499] panic+0x2e3/0x75c
[ 86.505311][ T9499] ? add_taint.cold+0x16/0x16
[ 86.509965][ T9499] ? linear_transfer+0x6de/0x970
[ 86.514904][ T9499] ? preempt_schedule+0x4b/0x60
[ 86.519738][ T9499] ? ___preempt_schedule+0x16/0x18
[ 86.524842][ T9499] ? trace_hardirqs_on+0x5e/0x240
[ 86.529857][ T9499] ? linear_transfer+0x6de/0x970
[ 86.534772][ T9499] end_report+0x47/0x4f
[ 86.538904][ T9499] ? linear_transfer+0x6de/0x970
[ 86.543815][ T9499] __kasan_report.cold+0xe/0x41
[ 86.548644][ T9499] ? linear_transfer+0x6de/0x970
[ 86.553572][ T9499] kasan_report+0x12/0x20
[ 86.557987][ T9499] check_memory_region+0x134/0x1a0
[ 86.563073][ T9499] memcpy+0x24/0x50
[ 86.566876][ T9499] linear_transfer+0x6de/0x970
[ 86.571627][ T9499] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 86.577849][ T9499] ? snd_pcm_plugin_build_copy+0x410/0x410
[ 86.583630][ T9499] ? io_capture_transfer+0x1fd/0x330
[ 86.588890][ T9499] ? rate_dst_frames+0x2e0/0x2e0
[ 86.593804][ T9499] snd_pcm_plug_read_transfer+0x197/0x2e0
[ 86.599499][ T9499] ? snd_pcm_plug_write_transfer+0x3e0/0x3e0
[ 86.605462][ T9499] ? snd_pcm_format_physical_width+0x75/0x90
[ 86.611450][ T9499] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 86.617170][ T9499] ? snd_pcm_plug_client_channels_buf+0x212/0x450
[ 86.623563][ T9499] snd_pcm_oss_read2+0x1f0/0x3f0
[ 86.628480][ T9499] ? snd_pcm_oss_read3+0x420/0x420
[ 86.633670][ T9499] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 86.639888][ T9499] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 86.646113][ T9499] snd_pcm_oss_read+0x548/0x6a0
[ 86.650942][ T9499] __vfs_read+0x8a/0x110
[ 86.655162][ T9499] ? snd_pcm_oss_read2+0x3f0/0x3f0
[ 86.660250][ T9499] vfs_read+0x1f0/0x440
[ 86.664389][ T9499] ksys_read+0x14f/0x290
[ 86.668626][ T9499] ? kernel_write+0x130/0x130
[ 86.673307][ T9499] ? do_syscall_64+0x26/0x790
[ 86.677969][ T9499] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.684009][ T9499] ? do_syscall_64+0x26/0x790
[ 86.688661][ T9499] __x64_sys_read+0x73/0xb0
[ 86.693141][ T9499] do_syscall_64+0xfa/0x790
[ 86.697632][ T9499] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 86.703508][ T9499] RIP: 0033:0x445829
[ 86.707379][ T9499] Code: e8 bc b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 86.726955][ T9499] RSP: 002b:00007fadef3c4db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 86.735352][ T9499] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445829
[ 86.743307][ T9499] RDX: 0000000000001000 RSI: 0000000020000380 RDI: 0000000000000003
[ 86.751273][ T9499] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[ 86.759238][ T9499] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac2c
[ 86.767185][ T9499] R13: 00007fff4d55f95f R14: 00007fadef3c59c0 R15: 20c49ba5e353f7cf
[ 86.775933][ T9499] Kernel Offset: disabled
[ 86.780260][ T9499] Rebooting in 86400 seconds..