[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts.

Debian GNU/Linux 9 syzkaller ttyS0

2020/07/31 12:44:05 parsed 1 programs
2020/07/31 12:44:06 executed programs: 0
syzkaller login: [ 74.523590][ T27] audit: type=1400 audit(1596199446.202:8): avc: denied { execmem } for pid=6934 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 74.572839][ T6935] IPVS: ftp: loaded support on port[0] = 21
[ 74.669516][ T6935] chnl_net:caif_netlink_parms(): no params data found
[ 74.721686][ T6935] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.729901][ T6935] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.738816][ T6935] device bridge_slave_0 entered promiscuous mode
[ 74.749002][ T6935] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.757256][ T6935] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.766006][ T6935] device bridge_slave_1 entered promiscuous mode
[ 74.788037][ T6935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.799217][ T6935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.822662][ T6935] team0: Port device team_slave_0 added
[ 74.830388][ T6935] team0: Port device team_slave_1 added
[ 74.848937][ T6935] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.856177][ T6935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.883071][ T6935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.896883][ T6935] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.903855][ T6935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.931080][ T6935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.998733][ T6935] device hsr_slave_0 entered promiscuous mode
[ 75.045435][ T6935] device hsr_slave_1 entered promiscuous mode
[ 75.197838][ T6935] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.278986][ T6935] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.328493][ T6935] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.377455][ T6935] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.433346][ T6935] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.440663][ T6935] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.448849][ T6935] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.456033][ T6935] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.502425][ T6935] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.515804][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.528496][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.537249][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.547594][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 75.560464][ T6935] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.571349][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 75.581250][ T2763] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.588623][ T2763] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.600443][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 75.609859][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.616991][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.638615][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 75.647422][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 75.657732][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 75.670119][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 75.679566][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 75.692593][ T6935] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 75.705978][ T6935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 75.714283][ T2519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 75.723491][ T2519] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 75.743346][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 75.750919][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 75.764131][ T6935] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.787369][ T2519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 75.797403][ T2519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 75.817548][ T2519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 75.826721][ T2519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 75.838814][ T6935] device veth0_vlan entered promiscuous mode
[ 75.846644][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 75.854456][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 75.869711][ T6935] device veth1_vlan entered promiscuous mode
[ 75.890906][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 75.899571][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 75.908572][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 75.918047][ T2763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 75.930560][ T6935] device veth0_macvtap entered promiscuous mode
[ 75.941105][ T6935] device veth1_macvtap entered promiscuous mode
[ 75.959592][ T6935] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.967304][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 75.976672][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 75.984787][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 75.994187][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 76.006805][ T6935] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.017353][ T2519] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 76.027052][ T2519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 79.295564][ T2519] Bluetooth: hci0: command 0x0409 tx timeout
2020/07/31 12:44:11 executed programs: 52
[ 79.806818][ T7378] ==================================================================
[ 79.815107][ T7378] BUG: KASAN: double-free or invalid-free in snd_seq_port_disconnect+0x4c1/0x5c0
[ 79.824209][ T7378]
[ 79.826548][ T7378] CPU: 1 PID: 7378 Comm: syz-executor.0 Not tainted 5.8.0-rc7-syzkaller #0
[ 79.835132][ T7378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.845273][ T7378] Call Trace:
[ 79.848569][ T7378] dump_stack+0x18f/0x20d
[ 79.853004][ T7378] print_address_description.constprop.0.cold+0xae/0x436
[ 79.860034][ T7378] ? lockdep_hardirqs_off+0x66/0xa0
[ 79.865258][ T7378] ? vprintk_func+0x97/0x1a6
[ 79.869842][ T7378] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 79.875456][ T7378] kasan_report_invalid_free+0x51/0x80
[ 79.880926][ T7378] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 79.886543][ T7378] __kasan_slab_free+0x127/0x140
[ 79.891595][ T7378] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 79.897231][ T7378] kfree+0x103/0x2c0
[ 79.901110][ T7378] snd_seq_port_disconnect+0x4c1/0x5c0
[ 79.906557][ T7378] snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 79.912700][ T7378] ? snd_seq_ioctl_running_mode+0x180/0x180
[ 79.918606][ T7378] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 79.924397][ T7378] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 79.930375][ T7378] snd_seq_kernel_client_ctl+0xeb/0x130
[ 79.935916][ T7378] snd_seq_oss_midi_close+0x36e/0x4d0
[ 79.941281][ T7378] ? snd_seq_oss_midi_open_all+0xe0/0xe0
[ 79.946902][ T7378] ? tomoyo_execute_permission+0x470/0x470
[ 79.952689][ T7378] snd_seq_oss_synth_reset+0x418/0x860
[ 79.958130][ T7378] ? snd_seq_oss_synth_cleanup+0x460/0x460
[ 79.963928][ T7378] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 79.969816][ T7378] snd_seq_oss_reset+0x6f/0x290
[ 79.974669][ T7378] snd_seq_oss_ioctl+0xb7b/0xd40
[ 79.979601][ T7378] ? snd_seq_oss_midi_info_user+0x140/0x140
[ 79.985500][ T7378] ? __fget_files+0x294/0x400
[ 79.990177][ T7378] odev_ioctl+0x4f/0x90
[ 79.994311][ T7378] ? odev_open+0x90/0x90
[ 79.998542][ T7378] ksys_ioctl+0x11a/0x180
[ 80.002851][ T7378] __x64_sys_ioctl+0x6f/0xb0
[ 80.007438][ T7378] ? lockdep_hardirqs_on+0x6a/0xe0
[ 80.012563][ T7378] do_syscall_64+0x60/0xe0
[ 80.016972][ T7378] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 80.022860][ T7378] RIP: 0033:0x45cc79
[ 80.026737][ T7378] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 80.046431][ T7378] RSP: 002b:00007fa92c82bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 80.054831][ T7378] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cc79
[ 80.062790][ T7378] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 80.070754][ T7378] RBP: 000000000078bf38 R08: 0000000000000000 R09: 0000000000000000
[ 80.078734][ T7378] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[ 80.086709][ T7378] R13: 00007ffcc6f2c79f R14: 00007fa92c82c9c0 R15: 000000000078bf0c
[ 80.095312][ T7378]
[ 80.097634][ T7378] Allocated by task 7378:
[ 80.101946][ T7378] save_stack+0x1b/0x40
[ 80.106094][ T7378] __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 80.111707][ T7378] kmem_cache_alloc_trace+0x14f/0x2d0
[ 80.117072][ T7378] snd_seq_port_connect+0x5d/0x520
[ 80.122159][ T7378] snd_seq_ioctl_subscribe_port+0x1fc/0x400
[ 80.128034][ T7378] snd_seq_kernel_client_ctl+0xeb/0x130
[ 80.133566][ T7378] snd_seq_oss_midi_open+0x466/0x6e0
[ 80.138832][ T7378] snd_seq_oss_synth_setup_midi+0x123/0x520
[ 80.145413][ T7378] snd_seq_oss_open+0x87e/0xa10
[ 80.150265][ T7378] odev_open+0x6c/0x90
[ 80.154333][ T7378] soundcore_open+0x445/0x600
[ 80.158996][ T7378] chrdev_open+0x266/0x770
[ 80.163389][ T7378] do_dentry_open+0x501/0x1290
[ 80.168131][ T7378] path_openat+0x1bb9/0x2750
[ 80.172707][ T7378] do_filp_open+0x17e/0x3c0
[ 80.177201][ T7378] do_sys_openat2+0x16f/0x3b0
[ 80.181865][ T7378] __x64_sys_openat+0x13f/0x1f0
[ 80.186707][ T7378] do_syscall_64+0x60/0xe0
[ 80.191147][ T7378] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 80.197380][ T7378]
[ 80.199687][ T7378] Freed by task 7379:
[ 80.203668][ T7378] save_stack+0x1b/0x40
[ 80.207810][ T7378] __kasan_slab_free+0xf5/0x140
[ 80.212634][ T7378] kfree+0x103/0x2c0
[ 80.216526][ T7378] snd_seq_port_disconnect+0x4c1/0x5c0
[ 80.221969][ T7378] snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 80.228026][ T7378] snd_seq_kernel_client_ctl+0xeb/0x130
[ 80.233550][ T7378] snd_seq_oss_midi_close+0x36e/0x4d0
[ 80.238911][ T7378] snd_seq_oss_synth_reset+0x418/0x860
[ 80.244350][ T7378] snd_seq_oss_reset+0x6f/0x290
[ 80.249197][ T7378] snd_seq_oss_ioctl+0xb7b/0xd40
[ 80.254121][ T7378] odev_ioctl+0x4f/0x90
[ 80.258255][ T7378] ksys_ioctl+0x11a/0x180
[ 80.262566][ T7378] __x64_sys_ioctl+0x6f/0xb0
[ 80.270010][ T7378] do_syscall_64+0x60/0xe0
[ 80.274412][ T7378] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 80.280284][ T7378]
[ 80.282591][ T7378] The buggy address belongs to the object at ffff888098895700
[ 80.282591][ T7378] which belongs to the cache kmalloc-128 of size 128
[ 80.296647][ T7378] The buggy address is located 0 bytes inside of
[ 80.296647][ T7378] 128-byte region [ffff888098895700, ffff888098895780)
[ 80.309732][ T7378] The buggy address belongs to the page:
[ 80.315349][ T7378] page:ffffea0002622540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 80.324447][ T7378] flags: 0xfffe0000000200(slab)
[ 80.329291][ T7378] raw: 00fffe0000000200 ffffea0002995648 ffffea00024ed608 ffff8880aa000700
[ 80.337858][ T7378] raw: 0000000000000000 ffff888098895000 0000000100000010 0000000000000000
[ 80.346546][ T7378] page dumped because: kasan: bad access detected
[ 80.352959][ T7378]
[ 80.355266][ T7378] Memory state around the buggy address:
[ 80.360907][ T7378] ffff888098895600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 80.368955][ T7378] ffff888098895680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 80.376999][ T7378] >ffff888098895700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 80.385034][ T7378] ^
[ 80.389087][ T7378] ffff888098895780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 80.397142][ T7378] ffff888098895800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 80.405178][ T7378] ==================================================================
[ 80.413211][ T7378] Disabling lock debugging due to kernel taint
[ 80.419335][ T7378] Kernel panic - not syncing: panic_on_warn set ...
[ 80.425908][ T7378] CPU: 1 PID: 7378 Comm: syz-executor.0 Tainted: G B 5.8.0-rc7-syzkaller #0
[ 80.435865][ T7378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.445913][ T7378] Call Trace:
[ 80.449183][ T7378] dump_stack+0x18f/0x20d
[ 80.453497][ T7378] panic+0x2e3/0x75c
[ 80.457379][ T7378] ? __warn_printk+0xf3/0xf3
[ 80.461942][ T7378] ? _raw_spin_unlock_irqrestore+0x5b/0xe0
[ 80.467725][ T7378] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 80.473327][ T7378] end_report+0x4d/0x53
[ 80.477469][ T7378] kasan_report_invalid_free+0x6d/0x80
[ 80.482901][ T7378] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 80.488507][ T7378] __kasan_slab_free+0x127/0x140
[ 80.493435][ T7378] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 80.499048][ T7378] kfree+0x103/0x2c0
[ 80.502926][ T7378] snd_seq_port_disconnect+0x4c1/0x5c0
[ 80.508368][ T7378] snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 80.514420][ T7378] ? snd_seq_ioctl_running_mode+0x180/0x180
[ 80.520313][ T7378] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 80.526099][ T7378] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 80.532102][ T7378] snd_seq_kernel_client_ctl+0xeb/0x130
[ 80.537669][ T7378] snd_seq_oss_midi_close+0x36e/0x4d0
[ 80.543028][ T7378] ? snd_seq_oss_midi_open_all+0xe0/0xe0
[ 80.548642][ T7378] ? tomoyo_execute_permission+0x470/0x470
[ 80.554445][ T7378] snd_seq_oss_synth_reset+0x418/0x860
[ 80.559891][ T7378] ? snd_seq_oss_synth_cleanup+0x460/0x460
[ 80.565674][ T7378] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 80.571543][ T7378] snd_seq_oss_reset+0x6f/0x290
[ 80.576374][ T7378] snd_seq_oss_ioctl+0xb7b/0xd40
[ 80.581410][ T7378] ? snd_seq_oss_midi_info_user+0x140/0x140
[ 80.587284][ T7378] ? __fget_files+0x294/0x400
[ 80.591955][ T7378] odev_ioctl+0x4f/0x90
[ 80.596103][ T7378] ? odev_open+0x90/0x90
[ 80.600322][ T7378] ksys_ioctl+0x11a/0x180
[ 80.604627][ T7378] __x64_sys_ioctl+0x6f/0xb0
[ 80.609205][ T7378] ? lockdep_hardirqs_on+0x6a/0xe0
[ 80.614289][ T7378] do_syscall_64+0x60/0xe0
[ 80.618697][ T7378] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 80.624565][ T7378] RIP: 0033:0x45cc79
[ 80.628446][ T7378] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 80.648029][ T7378] RSP: 002b:00007fa92c82bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 80.656421][ T7378] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cc79
[ 80.664380][ T7378] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 80.672362][ T7378] RBP: 000000000078bf38 R08: 0000000000000000 R09: 0000000000000000
[ 80.680322][ T7378] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[ 80.688278][ T7378] R13: 00007ffcc6f2c79f R14: 00007fa92c82c9c0 R15: 000000000078bf0c
[ 80.697271][ T7378] Kernel Offset: disabled
[ 80.701588][ T7378] Rebooting in 86400 seconds..