pktgen: Cannot create thread for cpu 1 (-4)
IPVS: Creating netns size=2536 id=10
keychord: unsupported version 40
keychord: unsupported version 40
==================================================================
BUG: Double free or freeing an invalid pointer
Unexpected shadow byte: 0xFB
CPU: 0 PID: 3668 Comm: syz-executor1 Not tainted 4.9.41-gdb02484 #19
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ab4b7b70 ffffffff81d8f749 ffff8801da001b40 ffff8801d846e920
 ffff8801d846e930 ffffffff82a70aa8 0000000000000282 ffff8801ab4b7b98
 ffffffff8153931c 00000000fffffffb ffff8801da001b40 ffff8801d846e920
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [] kasan_report_double_free+0x53/0x80 mm/kasan/report.c:181
 [] kasan_slab_free+0x9d/0xc0 mm/kasan/kasan.c:562
 [] slab_free_hook mm/slub.c:1355 [inline]
 [] slab_free_freelist_hook mm/slub.c:1377 [inline]
 [] slab_free mm/slub.c:2958 [inline]
 [] kfree+0xf0/0x2f0 mm/slub.c:3878
 [] keychord_write+0x628/0x820 drivers/input/misc/keychord.c:319
 [] __vfs_write+0x103/0x680 fs/read_write.c:510
 [] vfs_write+0x170/0x4e0 fs/read_write.c:560
 [] SYSC_write fs/read_write.c:607 [inline]
 [] SyS_write+0xd9/0x1b0 fs/read_write.c:599
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801d846e920, in cache kmalloc-16 size: 16
Allocated:
PID = 3668
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 __kmalloc+0x11d/0x310 mm/slub.c:3741
 kmalloc include/linux/slab.h:495 [inline]
 kzalloc include/linux/slab.h:636 [inline]
 keychord_write+0x6d/0x820 drivers/input/misc/keychord.c:243
 __vfs_write+0x103/0x680 fs/read_write.c:510
 vfs_write+0x170/0x4e0 fs/read_write.c:560
 SYSC_write fs/read_write.c:607 [inline]
 SyS_write+0xd9/0x1b0 fs/read_write.c:599
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 3689
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kfree+0xf0/0x2f0 mm/slub.c:3878
 keychord_write+0x15d/0x820 drivers/input/misc/keychord.c:261
 __vfs_write+0x103/0x680 fs/read_write.c:510
 vfs_write+0x170/0x4e0 fs/read_write.c:560
 SYSC_write fs/read_write.c:607 [inline]
 SyS_write+0xd9/0x1b0 fs/read_write.c:599
 entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
==================================================================
BUG: Double free or freeing an invalid pointer
Unexpected shadow byte: 0xFB
CPU: 1 PID: 3700 Comm: syz-executor1 Tainted: G B 4.9.41-gdb02484 #19
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ab507b70 ffffffff81d8f749 ffff8801da001b40 ffff8801d1b140c0
 ffff8801d1b140d0 ffffffff82a70aa8 0000000000000282 ffff8801ab507b98
 ffffffff8153931c 00000000fffffffb ffff8801da001b40 ffff8801d1b140c0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [] kasan_report_double_free+0x53/0x80 mm/kasan/report.c:181
 [] kasan_slab_free+0x9d/0xc0 mm/kasan/kasan.c:562
 [] slab_free_hook mm/slub.c:1355 [inline]
 [] slab_free_freelist_hook mm/slub.c:1377 [inline]
 [] slab_free mm/slub.c:2958 [inline]
 [] kfree+0xf0/0x2f0 mm/slub.c:3878
 [] keychord_write+0x628/0x820 drivers/input/misc/keychord.c:319
 [] __vfs_write+0x103/0x680 fs/read_write.c:510
 [] vfs_write+0x170/0x4e0 fs/read_write.c:560
 [] SYSC_write fs/read_write.c:607 [inline]
 [] SyS_write+0xd9/0x1b0 fs/read_write.c:599
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801d1b140c0, in cache kmalloc-16 size: 16
Allocated:
PID = 3700
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 __kmalloc+0x11d/0x310 mm/slub.c:3741
 kmalloc include/linux/slab.h:495 [inline]
 kzalloc include/linux/slab.h:636 [inline]
 keychord_write+0x6d/0x820 drivers/input/misc/keychord.c:243
 __vfs_write+0x103/0x680 fs/read_write.c:510
 vfs_write+0x170/0x4e0 fs/read_write.c:560
 SYSC_write fs/read_write.c:607 [inline]
 SyS_write+0xd9/0x1b0 fs/read_write.c:599
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 3706
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kfree+0xf0/0x2f0 mm/slub.c:3878
 keychord_write+0x15d/0x820 drivers/input/misc/keychord.c:261
 __vfs_write+0x103/0x680 fs/read_write.c:510
 vfs_write+0x170/0x4e0 fs/read_write.c:560
 SYSC_write fs/read_write.c:607 [inline]
 SyS_write+0xd9/0x1b0 fs/read_write.c:599
 entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
capability: warning: `syz-executor1' uses 32-bit capabilities (legacy support in use)
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket pig=3801 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14917 sclass=netlink_route_socket pig=3830 comm=syz-executor4
keychord: using input dev AT Translated Set 2 keyboard for fevent
keychord: using input dev AT Translated Set 2 keyboard for fevent
mmap: syz-executor4 (3953) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
syz-executor1 uses obsolete (PF_INET,SOCK_PACKET)
netlink: 1 bytes leftover after parsing attributes in process `syz-executor7'.
binder: 4019:4027 ioctl 560a 20eafff4 returned -22
binder: 4019:4027 ioctl 4b35 7ffd returned -22
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
binder: 4019:4048 ioctl 560a 20eafff4 returned -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4058 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4058 comm=syz-executor4
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
binder: 4019:4027 ioctl 4b35 7ffd returned -22
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=8 sclass=netlink_tcpdiag_socket pig=4054 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=8 sclass=netlink_tcpdiag_socket pig=4083 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4058 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4058 comm=syz-executor4
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
device syz2 entered promiscuous mode
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
device syz2 left promiscuous mode
device syz2 entered promiscuous mode
keychord: Insufficient bytes present for keycount 186
keychord: Insufficient bytes present for keycount 186
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
IPv6: NLM_F_REPLACE set, but no existing node found!
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
IPv6: NLM_F_REPLACE set, but no existing node found!
netlink: 2 bytes leftover after parsing attributes in process `syz-executor6'.
program syz-executor6 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
program syz-executor6 is using a deprecated SCSI ioctl, please convert it to SG_IO
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
netlink: 8 bytes leftover after parsing attributes in process `syz-executor7'.
sock: process `syz-executor1' is using obsolete getsockopt SO_BSDCOMPAT
device lo entered promiscuous mode
capability: warning: `syz-executor3' uses deprecated v2 capabilities in a way that may be insecure
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
IPVS: Creating netns size=2536 id=11
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
IPVS: Creating netns size=2536 id=12
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device syz0 entered promiscuous mode
device syz0 left promiscuous mode
device syz0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=5020 comm=syz-executor7
device syz7 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=5060 comm=syz-executor7
device syz7 left promiscuous mode
device syz7 entered promiscuous mode
device syz4 entered promiscuous mode
device  entered promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 70
CPU: 0 PID: 5177 Comm: syz-executor3 Tainted: G B 4.9.41-gdb02484 #19
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ab50fb50 ffffffff81d8f749 ffff8801ab50fe30 0000000000000000
 ffff8801a97da590 ffff8801ab50fd20 ffff8801a97da480 ffff8801ab50fd48
 ffffffff8165d5c8[ 57.501186] ALSA: seq fatal error: cannot create timer (-19)
 ffff8801ab50fca0 0000000000000000 00000001cacc6067
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
ALSA: seq fatal error: cannot create timer (-19)
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
binder: 5209:5210 ioctl c0286404 207e2fd8 returned -22
binder: 5209:5211 ioctl c0286404 207e2fd8 returned -22
 [] do_anonymous_page mm/memory.c:2746 [inline]
 [] handle_pte_fault mm/memory.c:3487 [inline]
 [] __handle_mm_fault mm/memory.c:3576 [inline]
 [] handle_mm_fault+0x1faa/0x2510 mm/memory.c:3613
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
device syz4 left promiscuous mode
FAULT_FLAG_ALLOW_RETRY missing 70
CPU: 0 PID: 5177 Comm: syz-executor3 Tainted: G B 4.9.41-gdb02484 #19
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801ab50fb50 ffffffff81d8f749 ffff8801ab50fe30 0000000000000000[ 57.670113] device syz4 entered promiscuous mode
 ffff8801a97da710 ffff8801ab50fd20 ffff8801a97da600 ffff8801ab50fd48
 ffffffff8165d5c8 ffff8801ab50fca0 ffff8801c7867890 00000001ac837067
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] handle_userfault+0xa48/0x1300 fs/userfaultfd.c:323
 [] do_anonymous_page mm/memory.c:2746 [inline]
 [] handle_pte_fault mm/memory.c:3487 [inline]
 [] __handle_mm_fault mm/memory.c:3576 [inline]
 [] handle_mm_fault+0x1faa/0x2510 mm/memory.c:3613
 [] __do_page_fault+0x4eb/0xbd0 arch/x86/mm/fault.c:1397
 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1460
 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
device  left promiscuous mode
device syz4 left promiscuous mode
device syz4 entered promiscuous mode
device syz4 left promiscuous mode
device lo entered promiscuous mode
device syz4 entered promiscuous mode
selinux_nlmsg_perm: 5 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56267 sclass=netlink_route_socket pig=5415 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56267 sclass=netlink_route_socket pig=5415 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60265 sclass=netlink_route_socket pig=5531 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60265 sclass=netlink_route_socket pig=5540 comm=syz-executor5
binder: 5590:5591 ioctl 540f 20002ffc returned -22
binder: 5590:5591 ioctl 540f 20002ffc returned -22
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
nla_parse: 11 callbacks suppressed
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor3'.
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 14 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 14 bytes leftover after parsing attributes in process `syz-executor4'.
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
binder: 6173:6179 ioctl 8010aa02 20c5cff0 returned -22
binder: 6173:6179 ioctl c0086420 2029e000 returned -22
binder: 6173:6179 ioctl 4008642b 20d3d000 returned -22
binder: 6173:6198 ioctl 8010aa02 20c5cff0 returned -22
binder: 6173:6179 ioctl c0086420 2029e000 returned -22
binder: 6173:6198 ioctl 4008642b 20d3d000 returned -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6199 comm=syz-executor3
device syz3 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6243 comm=syz-executor3
device syz3 left promiscuous mode
device syz3 entered promiscuous mode
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'.
9pnet_virtio: no channels available for device ./bus
9pnet_virtio: no channels available for device ./bus
device syz2 left promiscuous mode
sock: process `syz-executor5' is using obsolete setsockopt SO_BSDCOMPAT
device  entered promiscuous mode
device  left promiscuous mode
device  entered promiscuous mode
device  left promiscuous mode