Starting OpenBSD Secure Shell server... [ OK ] Started Daily apt upgrade and clean activities. [ OK ] Reached target Timers. Starting getty on tty2-tty6 if dbus and logind are not available... Starting Permit User Sessions... [ OK ] Started System Logging Service. [ OK ] Started Permit User Sessions. [ OK ] Started OpenBSD Secure Shell server. [ OK ] Found device /dev/ttyS0. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.168' (ECDSA) to the list of known hosts. 2020/07/31 12:06:05 parsed 1 programs 2020/07/31 12:06:06 executed programs: 0 syzkaller login: [ 68.579091][ T27] audit: type=1400 audit(1596197166.312:8): avc: denied { execmem } for pid=6840 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 68.614033][ T6841] IPVS: ftp: loaded support on port[0] = 21 [ 68.724921][ T6841] chnl_net:caif_netlink_parms(): no params data found [ 68.776406][ T6841] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.784354][ T6841] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.792898][ T6841] device bridge_slave_0 entered promiscuous mode [ 68.802614][ T6841] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.810105][ T6841] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.818130][ T6841] device bridge_slave_1 entered promiscuous mode [ 68.837011][ T6841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.848551][ T6841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.870551][ T6841] team0: Port device team_slave_0 added [ 68.878482][ T6841] team0: Port device team_slave_1 added [ 68.895717][ T6841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.902753][ T6841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.929517][ T6841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.942260][ T6841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.949502][ T6841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.975495][ T6841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.051042][ T6841] device hsr_slave_0 entered promiscuous mode [ 69.117900][ T6841] device hsr_slave_1 entered promiscuous mode [ 69.246521][ T6841] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 69.290609][ T6841] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 69.370345][ T6841] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 69.420399][ T6841] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 69.475407][ T6841] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.482639][ T6841] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.490780][ T6841] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.497947][ T6841] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.542776][ T6841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.556255][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 69.569010][ T2567] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.577312][ T2567] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.586378][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 69.600061][ T6841] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.611791][ T3790] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.621015][ T3790] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.628778][ T3790] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.649567][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.659017][ T2567] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.666123][ T2567] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.675077][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.685295][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 69.697807][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.711361][ T7049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 69.720836][ T7049] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 69.732914][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 69.741664][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 69.752990][ T6841] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 69.772232][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 69.781838][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 69.796920][ T6841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.818435][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 69.827167][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 69.847111][ T7049] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 69.856088][ T7049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 69.867167][ T6841] device veth0_vlan entered promiscuous mode [ 69.874364][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 69.883658][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 69.896478][ T6841] device veth1_vlan entered promiscuous mode [ 69.918940][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 69.927010][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 69.936660][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 69.945806][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 69.958529][ T6841] device veth0_macvtap entered promiscuous mode [ 69.970000][ T6841] device veth1_macvtap entered promiscuous mode [ 69.988725][ T6841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.996275][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 70.005267][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 70.014113][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 70.023738][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 70.036302][ T6841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.044587][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 70.054423][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 72.349394][ T7137] ================================================================== [ 72.357697][ T7137] BUG: KASAN: double-free or invalid-free in snd_seq_port_disconnect+0x4c1/0x5c0 [ 72.366804][ T7137] [ 72.369144][ T7137] CPU: 0 PID: 7137 Comm: syz-executor.0 Not tainted 5.8.0-rc7-syzkaller #0 [ 72.377730][ T7137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 72.387794][ T7137] Call Trace: [ 72.391098][ T7137] dump_stack+0x18f/0x20d [ 72.395448][ T7137] print_address_description.constprop.0.cold+0xae/0x436 [ 72.402518][ T7137] ? lockdep_hardirqs_off+0x66/0xa0 [ 72.407738][ T7137] ? vprintk_func+0x97/0x1a6 [ 72.412344][ T7137] ? snd_seq_port_disconnect+0x4c1/0x5c0 [ 72.417993][ T7137] kasan_report_invalid_free+0x51/0x80 [ 72.423477][ T7137] ? snd_seq_port_disconnect+0x4c1/0x5c0 [ 72.429159][ T7137] __kasan_slab_free+0x127/0x140 [ 72.434091][ T7137] ? snd_seq_port_disconnect+0x4c1/0x5c0 [ 72.439738][ T7137] kfree+0x103/0x2c0 [ 72.443640][ T7137] snd_seq_port_disconnect+0x4c1/0x5c0 [ 72.449111][ T7137] snd_seq_ioctl_unsubscribe_port+0x1fc/0x400 [ 72.455187][ T7137] ? snd_seq_ioctl_running_mode+0x180/0x180 [ 72.461089][ T7137] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 72.466897][ T7137] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 72.472876][ T7137] snd_seq_kernel_client_ctl+0xeb/0x130 [ 72.478419][ T7137] snd_seq_oss_midi_close+0x36e/0x4d0 [ 72.483809][ T7137] ? snd_seq_oss_midi_open_all+0xe0/0xe0 [ 72.489459][ T7137] ? tomoyo_execute_permission+0x470/0x470 [ 72.495303][ T7137] snd_seq_oss_synth_reset+0x418/0x860 [ 72.500771][ T7137] ? snd_seq_oss_synth_cleanup+0x460/0x460 [ 72.506696][ T7137] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 72.513670][ T7137] snd_seq_oss_reset+0x6f/0x290 [ 72.518551][ T7137] snd_seq_oss_ioctl+0xb7b/0xd40 [ 72.523496][ T7137] ? snd_seq_oss_midi_info_user+0x140/0x140 [ 72.529425][ T7137] ? __fget_files+0x294/0x400 [ 72.534136][ T7137] odev_ioctl+0x4f/0x90 [ 72.538394][ T7137] ? odev_open+0x90/0x90 [ 72.542679][ T7137] ksys_ioctl+0x11a/0x180 [ 72.547026][ T7137] __x64_sys_ioctl+0x6f/0xb0 [ 72.551608][ T7137] ? lockdep_hardirqs_on+0x6a/0xe0 [ 72.556719][ T7137] do_syscall_64+0x60/0xe0 [ 72.561129][ T7137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 72.567020][ T7137] RIP: 0033:0x45cc79 [ 72.570916][ T7137] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 72.590520][ T7137] RSP: 002b:00007fbd53ee6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 72.598928][ T7137] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cc79 [ 72.606911][ T7137] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003 [ 72.614874][ T7137] RBP: 000000000078bf38 R08: 0000000000000000 R09: 0000000000000000 [ 72.622837][ T7137] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 72.630800][ T7137] R13: 00007fffd9c30def R14: 00007fbd53ee79c0 R15: 000000000078bf0c [ 72.638786][ T7137] [ 72.641101][ T7137] Allocated by task 7137: [ 72.645440][ T7137] save_stack+0x1b/0x40 [ 72.649587][ T7137] __kasan_kmalloc.constprop.0+0xc2/0xd0 [ 72.655207][ T7137] kmem_cache_alloc_trace+0x14f/0x2d0 [ 72.660571][ T7137] snd_seq_port_connect+0x5d/0x520 [ 72.665670][ T7137] snd_seq_ioctl_subscribe_port+0x1fc/0x400 [ 72.671564][ T7137] snd_seq_kernel_client_ctl+0xeb/0x130 [ 72.677124][ T7137] snd_seq_oss_midi_open+0x466/0x6e0 [ 72.682411][ T7137] snd_seq_oss_synth_setup_midi+0x123/0x520 [ 72.688322][ T7137] snd_seq_oss_open+0x87e/0xa10 [ 72.693175][ T7137] odev_open+0x6c/0x90 [ 72.697242][ T7137] soundcore_open+0x445/0x600 [ 72.701921][ T7137] chrdev_open+0x266/0x770 [ 72.706343][ T7137] do_dentry_open+0x501/0x1290 [ 72.711115][ T7137] path_openat+0x1bb9/0x2750 [ 72.715690][ T7137] do_filp_open+0x17e/0x3c0 [ 72.720178][ T7137] do_sys_openat2+0x16f/0x3b0 [ 72.724838][ T7137] __x64_sys_openat+0x13f/0x1f0 [ 72.729701][ T7137] do_syscall_64+0x60/0xe0 [ 72.734144][ T7137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 72.740028][ T7137] [ 72.742425][ T7137] Freed by task 7138: [ 72.746394][ T7137] save_stack+0x1b/0x40 [ 72.750529][ T7137] __kasan_slab_free+0xf5/0x140 [ 72.755367][ T7137] kfree+0x103/0x2c0 [ 72.759249][ T7137] snd_seq_port_disconnect+0x4c1/0x5c0 [ 72.764694][ T7137] snd_seq_ioctl_unsubscribe_port+0x1fc/0x400 [ 72.770766][ T7137] snd_seq_kernel_client_ctl+0xeb/0x130 [ 72.776301][ T7137] snd_seq_oss_midi_close+0x36e/0x4d0 [ 72.781663][ T7137] snd_seq_oss_synth_reset+0x418/0x860 [ 72.787116][ T7137] snd_seq_oss_reset+0x6f/0x290 [ 72.791970][ T7137] snd_seq_oss_ioctl+0xb7b/0xd40 [ 72.796890][ T7137] odev_ioctl+0x4f/0x90 [ 72.801042][ T7137] ksys_ioctl+0x11a/0x180 [ 72.805351][ T7137] __x64_sys_ioctl+0x6f/0xb0 [ 72.809925][ T7137] do_syscall_64+0x60/0xe0 [ 72.814323][ T7137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 72.820186][ T7137] [ 72.822504][ T7137] The buggy address belongs to the object at ffff88809e575900 [ 72.822504][ T7137] which belongs to the cache kmalloc-128 of size 128 [ 72.836556][ T7137] The buggy address is located 0 bytes inside of [ 72.836556][ T7137] 128-byte region [ffff88809e575900, ffff88809e575980) [ 72.849649][ T7137] The buggy address belongs to the page: [ 72.855272][ T7137] page:ffffea0002795d40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 72.864361][ T7137] flags: 0xfffe0000000200(slab) [ 72.869213][ T7137] raw: 00fffe0000000200 ffffea0002783f48 ffffea0002997b08 ffff8880aa000700 [ 72.877892][ T7137] raw: 0000000000000000 ffff88809e575000 0000000100000010 0000000000000000 [ 72.886458][ T7137] page dumped because: kasan: bad access detected [ 72.892867][ T7137] [ 72.895257][ T7137] Memory state around the buggy address: [ 72.900875][ T7137] ffff88809e575800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 72.908944][ T7137] ffff88809e575880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.917034][ T7137] >ffff88809e575900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 72.925125][ T7137] ^ [ 72.929182][ T7137] ffff88809e575980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.937228][ T7137] ffff88809e575a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 72.945272][ T7137] ================================================================== [ 72.953320][ T7137] Disabling lock debugging due to kernel taint [ 72.959464][ T7137] Kernel panic - not syncing: panic_on_warn set ... [ 72.966031][ T7137] CPU: 0 PID: 7137 Comm: syz-executor.0 Tainted: G B 5.8.0-rc7-syzkaller #0 [ 72.975979][ T7137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 72.986034][ T7137] Call Trace: [ 72.989310][ T7137] dump_stack+0x18f/0x20d [ 72.993638][ T7137] panic+0x2e3/0x75c [ 72.997530][ T7137] ? __warn_printk+0xf3/0xf3 [ 73.002098][ T7137] ? _raw_spin_unlock_irqrestore+0x5b/0xe0 [ 73.007899][ T7137] ? snd_seq_port_disconnect+0x4c1/0x5c0 [ 73.013514][ T7137] end_report+0x4d/0x53 [ 73.017657][ T7137] kasan_report_invalid_free+0x6d/0x80 [ 73.023107][ T7137] ? snd_seq_port_disconnect+0x4c1/0x5c0 [ 73.028720][ T7137] __kasan_slab_free+0x127/0x140 [ 73.033659][ T7137] ? snd_seq_port_disconnect+0x4c1/0x5c0 [ 73.039391][ T7137] kfree+0x103/0x2c0 [ 73.043272][ T7137] snd_seq_port_disconnect+0x4c1/0x5c0 [ 73.048717][ T7137] snd_seq_ioctl_unsubscribe_port+0x1fc/0x400 [ 73.054770][ T7137] ? snd_seq_ioctl_running_mode+0x180/0x180 [ 73.060687][ T7137] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 73.066498][ T7137] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 73.072470][ T7137] snd_seq_kernel_client_ctl+0xeb/0x130 [ 73.078046][ T7137] snd_seq_oss_midi_close+0x36e/0x4d0 [ 73.083409][ T7137] ? snd_seq_oss_midi_open_all+0xe0/0xe0 [ 73.089036][ T7137] ? tomoyo_execute_permission+0x470/0x470 [ 73.094831][ T7137] snd_seq_oss_synth_reset+0x418/0x860 [ 73.100277][ T7137] ? snd_seq_oss_synth_cleanup+0x460/0x460 [ 73.106667][ T7137] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 73.112544][ T7137] snd_seq_oss_reset+0x6f/0x290 [ 73.117383][ T7137] snd_seq_oss_ioctl+0xb7b/0xd40 [ 73.122309][ T7137] ? snd_seq_oss_midi_info_user+0x140/0x140 [ 73.128189][ T7137] ? __fget_files+0x294/0x400 [ 73.132921][ T7137] odev_ioctl+0x4f/0x90 [ 73.137072][ T7137] ? odev_open+0x90/0x90 [ 73.141303][ T7137] ksys_ioctl+0x11a/0x180 [ 73.145625][ T7137] __x64_sys_ioctl+0x6f/0xb0 [ 73.150216][ T7137] ? lockdep_hardirqs_on+0x6a/0xe0 [ 73.155312][ T7137] do_syscall_64+0x60/0xe0 [ 73.159731][ T7137] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 73.165626][ T7137] RIP: 0033:0x45cc79 [ 73.169526][ T7137] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 73.189303][ T7137] RSP: 002b:00007fbd53ee6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 73.197715][ T7137] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cc79 [ 73.205701][ T7137] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003 [ 73.213657][ T7137] RBP: 000000000078bf38 R08: 0000000000000000 R09: 0000000000000000 [ 73.221612][ T7137] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 73.229566][ T7137] R13: 00007fffd9c30def R14: 00007fbd53ee79c0 R15: 000000000078bf0c [ 73.238560][ T7137] Kernel Offset: disabled [ 73.242899][ T7137] Rebooting in 86400 seconds..