[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts.
2020/08/04 02:54:40 parsed 1 programs
2020/08/04 02:54:40 executed programs: 0
syzkaller login: [ 1046.573099][ T6863] IPVS: ftp: loaded support on port[0] = 21
[ 1046.681923][ T6863] chnl_net:caif_netlink_parms(): no params data found
[ 1046.734463][ T6863] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1046.750423][ T6863] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1046.759301][ T6863] device bridge_slave_0 entered promiscuous mode
[ 1046.768520][ T6863] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1046.775690][ T6863] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1046.784135][ T6863] device bridge_slave_1 entered promiscuous mode
[ 1046.803725][ T6863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1046.819363][ T6863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1046.842241][ T6863] team0: Port device team_slave_0 added
[ 1046.849787][ T6863] team0: Port device team_slave_1 added
[ 1046.868122][ T6863] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1046.875183][ T6863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1046.905172][ T6863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1046.917681][ T6863] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1046.924711][ T6863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1046.957097][ T6863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1047.039852][ T6863] device hsr_slave_0 entered promiscuous mode
[ 1047.076988][ T6863] device hsr_slave_1 entered promiscuous mode
[ 1047.202200][ T6863] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1047.249587][ T6863] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1047.310504][ T6863] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1047.369229][ T6863] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1047.442759][ T6863] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1047.450150][ T6863] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1047.461107][ T6863] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1047.468422][ T6863] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1047.520182][ T6863] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1047.533369][ T6840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1047.544403][ T6840] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1047.552995][ T6840] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1047.562008][ T6840] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1047.575292][ T6863] 8021q: adding VLAN 0 to HW filter on device team0
[ 1047.588175][ T6832] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1047.597362][ T6832] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1047.605312][ T6832] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1047.629909][ T7075] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1047.641630][ T7075] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1047.648743][ T7075] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1047.659484][ T7075] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1047.668375][ T7075] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1047.684269][ T6863] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1047.697374][ T6863] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1047.710927][ T2614] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1047.719199][ T2614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1047.735232][ T2614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1047.745700][ T2614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1047.765182][ T7073] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1047.773153][ T7073] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1047.785551][ T6863] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1047.803966][ T7073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1047.813175][ T7073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1047.834201][ T6863] device veth0_vlan entered promiscuous mode
[ 1047.841009][ T6840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1047.852472][ T6840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1047.862069][ T6840] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1047.870212][ T6840] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1047.882863][ T6863] device veth1_vlan entered promiscuous mode
[ 1047.903755][ T2614] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1047.912576][ T2614] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1047.922155][ T2614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1047.931114][ T2614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1047.941831][ T6863] device veth0_macvtap entered promiscuous mode
[ 1047.952689][ T6863] device veth1_macvtap entered promiscuous mode
[ 1047.970956][ T6863] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1047.980176][ T2614] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1047.988640][ T2614] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1047.997671][ T2614] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1048.006181][ T2614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1048.018716][ T6863] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1048.026914][ T7073] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1048.036405][ T7073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1048.048500][ T6863] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1048.058538][ T6863] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1048.067921][ T6863] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1048.079226][ T6863] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1051.406940][ T6840] Bluetooth: hci0: command 0x0409 tx timeout
2020/08/04 02:54:45 executed programs: 54
[ 1051.588281][ T7299] ==================================================================
[ 1051.596762][ T7299] BUG: KASAN: double-free or invalid-free in snd_seq_port_disconnect+0x4c1/0x5c0
[ 1051.606836][ T7299]
[ 1051.609177][ T7299] CPU: 0 PID: 7299 Comm: syz-executor.0 Not tainted 5.8.0-rc7-next-20200731-syzkaller #0
[ 1051.621321][ T7299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1051.632770][ T7299] Call Trace:
[ 1051.636107][ T7299] dump_stack+0x18f/0x20d
[ 1051.641968][ T7299] print_address_description.constprop.0.cold+0xae/0x497
[ 1051.649166][ T7299] ? lockdep_hardirqs_off+0x7e/0xb0
[ 1051.654377][ T7299] ? vprintk_func+0x97/0x1a6
[ 1051.659007][ T7299] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 1051.664651][ T7299] kasan_report_invalid_free+0x51/0x80
[ 1051.670310][ T7299] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 1051.676095][ T7299] __kasan_slab_free+0x107/0x120
[ 1051.681021][ T7299] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 1051.686680][ T7299] kfree+0x103/0x2c0
[ 1051.690780][ T7299] snd_seq_port_disconnect+0x4c1/0x5c0
[ 1051.697272][ T7299] snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 1051.703756][ T7299] ? snd_seq_ioctl_running_mode+0x180/0x180
[ 1051.710471][ T7299] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 1051.717709][ T7299] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 1051.724186][ T7299] snd_seq_kernel_client_ctl+0xeb/0x130
[ 1051.729738][ T7299] snd_seq_oss_midi_close+0x36e/0x4d0
[ 1051.735092][ T7299] ? snd_seq_oss_midi_open_all+0xe0/0xe0
[ 1051.741057][ T7299] ? tomoyo_execute_permission+0x470/0x470
[ 1051.746963][ T7299] snd_seq_oss_synth_reset+0x418/0x860
[ 1051.752589][ T7299] ? snd_seq_oss_synth_cleanup+0x460/0x460
[ 1051.758407][ T7299] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 1051.764419][ T7299] snd_seq_oss_reset+0x6f/0x290
[ 1051.769260][ T7299] snd_seq_oss_ioctl+0xb7b/0xd40
[ 1051.774204][ T7299] ? snd_seq_oss_midi_info_user+0x140/0x140
[ 1051.780255][ T7299] ? __fget_files+0x294/0x400
[ 1051.784969][ T7299] odev_ioctl+0x4f/0x90
[ 1051.789114][ T7299] ? odev_open+0x90/0x90
[ 1051.793345][ T7299] __x64_sys_ioctl+0x193/0x200
[ 1051.798119][ T7299] do_syscall_64+0x2d/0x70
[ 1051.802534][ T7299] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1051.808408][ T7299] RIP: 0033:0x45cce9
[ 1051.812285][ T7299] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1051.833464][ T7299] RSP: 002b:00007f8ac4a9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1051.841960][ T7299] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cce9
[ 1051.850034][ T7299] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 1051.858104][ T7299] RBP: 000000000078bfd8 R08: 0000000000000000 R09: 0000000000000000
[ 1051.867025][ T7299] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 1051.874983][ T7299] R13: 00007ffe1d85ce3f R14: 00007f8ac4a9b9c0 R15: 000000000078bfac
[ 1051.882944][ T7299]
[ 1051.885357][ T7299] Allocated by task 7298:
[ 1051.895676][ T7299] kasan_save_stack+0x1b/0x40
[ 1051.901282][ T7299] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 1051.906952][ T7299] kmem_cache_alloc_trace+0x16e/0x2c0
[ 1051.912312][ T7299] snd_seq_port_connect+0x5d/0x520
[ 1051.920429][ T7299] snd_seq_ioctl_subscribe_port+0x1fc/0x400
[ 1051.926497][ T7299] snd_seq_kernel_client_ctl+0xeb/0x130
[ 1051.932210][ T7299] snd_seq_oss_midi_open+0x466/0x6e0
[ 1051.938957][ T7299] snd_seq_oss_synth_setup_midi+0x123/0x520
[ 1051.944834][ T7299] snd_seq_oss_open+0x87e/0xa10
[ 1051.949879][ T7299] odev_open+0x6c/0x90
[ 1051.954039][ T7299] soundcore_open+0x445/0x600
[ 1051.958713][ T7299] chrdev_open+0x266/0x770
[ 1051.963163][ T7299] do_dentry_open+0x4b9/0x11b0
[ 1051.967924][ T7299] path_openat+0x1b9a/0x2730
[ 1051.972552][ T7299] do_filp_open+0x17e/0x3c0
[ 1051.977832][ T7299] do_sys_openat2+0x16d/0x420
[ 1051.982512][ T7299] __x64_sys_openat+0x13f/0x1f0
[ 1051.987377][ T7299] do_syscall_64+0x2d/0x70
[ 1051.991775][ T7299] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1051.997642][ T7299]
[ 1051.999976][ T7299] Freed by task 7298:
[ 1052.004289][ T7299] kasan_save_stack+0x1b/0x40
[ 1052.009140][ T7299] kasan_set_track+0x1c/0x30
[ 1052.017294][ T7299] kasan_set_free_info+0x1b/0x30
[ 1052.022953][ T7299] __kasan_slab_free+0xd8/0x120
[ 1052.028770][ T7299] kfree+0x103/0x2c0
[ 1052.032853][ T7299] snd_seq_port_disconnect+0x4c1/0x5c0
[ 1052.038656][ T7299] snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 1052.045536][ T7299] snd_seq_kernel_client_ctl+0xeb/0x130
[ 1052.051675][ T7299] snd_seq_oss_midi_close+0x36e/0x4d0
[ 1052.057029][ T7299] snd_seq_oss_synth_reset+0x418/0x860
[ 1052.062472][ T7299] snd_seq_oss_reset+0x6f/0x290
[ 1052.067304][ T7299] snd_seq_oss_ioctl+0xb7b/0xd40
[ 1052.072238][ T7299] odev_ioctl+0x4f/0x90
[ 1052.076376][ T7299] __x64_sys_ioctl+0x193/0x200
[ 1052.081128][ T7299] do_syscall_64+0x2d/0x70
[ 1052.085528][ T7299] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1052.091573][ T7299]
[ 1052.093902][ T7299] The buggy address belongs to the object at ffff88809062d000
[ 1052.093902][ T7299]  which belongs to the cache kmalloc-128 of size 128
[ 1052.107948][ T7299] The buggy address is located 0 bytes inside of
[ 1052.107948][ T7299]  128-byte region [ffff88809062d000, ffff88809062d080)
[ 1052.121048][ T7299] The buggy address belongs to the page:
[ 1052.126675][ T7299] page:0000000077ab10bd refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9062d
[ 1052.136816][ T7299] flags: 0xfffe0000000200(slab)
[ 1052.141655][ T7299] raw: 00fffe0000000200 ffffea00024099c8 ffffea0002914e08 ffff8880aa000400
[ 1052.150214][ T7299] raw: 0000000000000000 ffff88809062d000 0000000100000010 0000000000000000
[ 1052.158796][ T7299] page dumped because: kasan: bad access detected
[ 1052.165183][ T7299]
[ 1052.167486][ T7299] Memory state around the buggy address:
[ 1052.173195][ T7299]  ffff88809062cf00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1052.181231][ T7299]  ffff88809062cf80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1052.189267][ T7299] >ffff88809062d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1052.197299][ T7299]                    ^
[ 1052.201344][ T7299]  ffff88809062d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1052.209384][ T7299]  ffff88809062d100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1052.217417][ T7299] ==================================================================
[ 1052.225455][ T7299] Disabling lock debugging due to kernel taint
[ 1052.231585][ T7299] Kernel panic - not syncing: panic_on_warn set ...
[ 1052.238160][ T7299] CPU: 0 PID: 7299 Comm: syz-executor.0 Tainted: G B 5.8.0-rc7-next-20200731-syzkaller #0
[ 1052.249316][ T7299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1052.259356][ T7299] Call Trace:
[ 1052.262625][ T7299] dump_stack+0x18f/0x20d
[ 1052.266932][ T7299] panic+0x2e3/0x75c
[ 1052.270804][ T7299] ? __warn_printk+0xf3/0xf3
[ 1052.275384][ T7299] ? _raw_spin_unlock_irqrestore+0x5b/0xe0
[ 1052.281181][ T7299] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 1052.286795][ T7299] end_report+0x4d/0x53
[ 1052.290929][ T7299] kasan_report_invalid_free+0x6d/0x80
[ 1052.296377][ T7299] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 1052.301987][ T7299] __kasan_slab_free+0x107/0x120
[ 1052.306947][ T7299] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 1052.312555][ T7299] kfree+0x103/0x2c0
[ 1052.316431][ T7299] snd_seq_port_disconnect+0x4c1/0x5c0
[ 1052.321879][ T7299] snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 1052.327921][ T7299] ? snd_seq_ioctl_running_mode+0x180/0x180
[ 1052.333790][ T7299] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 1052.339611][ T7299] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 1052.345566][ T7299] snd_seq_kernel_client_ctl+0xeb/0x130
[ 1052.351090][ T7299] snd_seq_oss_midi_close+0x36e/0x4d0
[ 1052.356437][ T7299] ? snd_seq_oss_midi_open_all+0xe0/0xe0
[ 1052.362067][ T7299] ? tomoyo_execute_permission+0x470/0x470
[ 1052.367861][ T7299] snd_seq_oss_synth_reset+0x418/0x860
[ 1052.373301][ T7299] ? snd_seq_oss_synth_cleanup+0x460/0x460
[ 1052.379084][ T7299] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 1052.384957][ T7299] snd_seq_oss_reset+0x6f/0x290
[ 1052.389785][ T7299] snd_seq_oss_ioctl+0xb7b/0xd40
[ 1052.394887][ T7299] ? snd_seq_oss_midi_info_user+0x140/0x140
[ 1052.400768][ T7299] ? __fget_files+0x294/0x400
[ 1052.405432][ T7299] odev_ioctl+0x4f/0x90
[ 1052.409573][ T7299] ? odev_open+0x90/0x90
[ 1052.413800][ T7299] __x64_sys_ioctl+0x193/0x200
[ 1052.418548][ T7299] do_syscall_64+0x2d/0x70
[ 1052.422947][ T7299] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1052.428817][ T7299] RIP: 0033:0x45cce9
[ 1052.432694][ T7299] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1052.452399][ T7299] RSP: 002b:00007f8ac4a9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1052.460924][ T7299] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cce9
[ 1052.468875][ T7299] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 1052.476823][ T7299] RBP: 000000000078bfd8 R08: 0000000000000000 R09: 0000000000000000
[ 1052.484775][ T7299] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 1052.492724][ T7299] R13: 00007ffe1d85ce3f R14: 00007f8ac4a9b9c0 R15: 000000000078bfac
[ 1052.502358][ T7299] Kernel Offset: disabled
[ 1052.506682][ T7299] Rebooting in 86400 seconds..