         Starting OpenBSD Secure Shell server...
[[0;32m  OK  [0m] Started Daily apt upgrade and clean activities.
[[0;32m  OK  [0m] Reached target Timers.
         Starting getty on tty2-tty6 if dbus and logind are not available...
         Starting Permit User Sessions...
[[0;32m  OK  [0m] Started System Logging Service.
[[0;32m  OK  [0m] Started Permit User Sessions.
[[0;32m  OK  [0m] Started OpenBSD Secure Shell server.
[[0;32m  OK  [0m] Found device /dev/ttyS0.
[[0;32m  OK  [0m] Started getty on tty2-tty6 if dbus and logind are not available.
[[0;32m  OK  [0m] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[[0;32m  OK  [0m] Started Getty on tty6.
[[0;32m  OK  [0m] Started Getty on tty5.
[[0;32m  OK  [0m] Started Getty on tty4.
[[0;32m  OK  [0m] Started Getty on tty3.
[[0;32m  OK  [0m] Started Serial Getty on ttyS0.
[[0;32m  OK  [0m] Started Getty on tty2.
[[0;32m  OK  [0m] Started Getty on tty1.
[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.
[[0;32m  OK  [0m] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.168' (ECDSA) to the list of known hosts.
2020/07/31 12:06:05 parsed 1 programs
2020/07/31 12:06:06 executed programs: 0
syzkaller login: [   68.579091][   T27] audit: type=1400 audit(1596197166.312:8): avc:  denied  { execmem } for  pid=6840 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   68.614033][ T6841] IPVS: ftp: loaded support on port[0] = 21
[   68.724921][ T6841] chnl_net:caif_netlink_parms(): no params data found
[   68.776406][ T6841] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.784354][ T6841] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.792898][ T6841] device bridge_slave_0 entered promiscuous mode
[   68.802614][ T6841] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.810105][ T6841] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.818130][ T6841] device bridge_slave_1 entered promiscuous mode
[   68.837011][ T6841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.848551][ T6841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.870551][ T6841] team0: Port device team_slave_0 added
[   68.878482][ T6841] team0: Port device team_slave_1 added
[   68.895717][ T6841] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.902753][ T6841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.929517][ T6841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.942260][ T6841] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.949502][ T6841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.975495][ T6841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.051042][ T6841] device hsr_slave_0 entered promiscuous mode
[   69.117900][ T6841] device hsr_slave_1 entered promiscuous mode
[   69.246521][ T6841] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   69.290609][ T6841] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   69.370345][ T6841] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   69.420399][ T6841] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   69.475407][ T6841] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.482639][ T6841] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.490780][ T6841] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.497947][ T6841] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.542776][ T6841] 8021q: adding VLAN 0 to HW filter on device bond0
[   69.556255][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   69.569010][ T2567] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.577312][ T2567] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.586378][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   69.600061][ T6841] 8021q: adding VLAN 0 to HW filter on device team0
[   69.611791][ T3790] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   69.621015][ T3790] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.628778][ T3790] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.649567][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   69.659017][ T2567] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.666123][ T2567] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.675077][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   69.685295][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   69.697807][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   69.711361][ T7049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   69.720836][ T7049] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   69.732914][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   69.741664][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   69.752990][ T6841] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   69.772232][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   69.781838][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   69.796920][ T6841] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.818435][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   69.827167][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   69.847111][ T7049] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   69.856088][ T7049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   69.867167][ T6841] device veth0_vlan entered promiscuous mode
[   69.874364][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   69.883658][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   69.896478][ T6841] device veth1_vlan entered promiscuous mode
[   69.918940][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   69.927010][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   69.936660][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   69.945806][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   69.958529][ T6841] device veth0_macvtap entered promiscuous mode
[   69.970000][ T6841] device veth1_macvtap entered promiscuous mode
[   69.988725][ T6841] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.996275][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   70.005267][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   70.014113][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   70.023738][ T3791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   70.036302][ T6841] batman_adv: batadv0: Interface activated: batadv_slave_1
[   70.044587][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   70.054423][ T2567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   72.349394][ T7137] ==================================================================
[   72.357697][ T7137] BUG: KASAN: double-free or invalid-free in snd_seq_port_disconnect+0x4c1/0x5c0
[   72.366804][ T7137] 
[   72.369144][ T7137] CPU: 0 PID: 7137 Comm: syz-executor.0 Not tainted 5.8.0-rc7-syzkaller #0
[   72.377730][ T7137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.387794][ T7137] Call Trace:
[   72.391098][ T7137]  dump_stack+0x18f/0x20d
[   72.395448][ T7137]  print_address_description.constprop.0.cold+0xae/0x436
[   72.402518][ T7137]  ? lockdep_hardirqs_off+0x66/0xa0
[   72.407738][ T7137]  ? vprintk_func+0x97/0x1a6
[   72.412344][ T7137]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[   72.417993][ T7137]  kasan_report_invalid_free+0x51/0x80
[   72.423477][ T7137]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[   72.429159][ T7137]  __kasan_slab_free+0x127/0x140
[   72.434091][ T7137]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[   72.439738][ T7137]  kfree+0x103/0x2c0
[   72.443640][ T7137]  snd_seq_port_disconnect+0x4c1/0x5c0
[   72.449111][ T7137]  snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[   72.455187][ T7137]  ? snd_seq_ioctl_running_mode+0x180/0x180
[   72.461089][ T7137]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[   72.466897][ T7137]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   72.472876][ T7137]  snd_seq_kernel_client_ctl+0xeb/0x130
[   72.478419][ T7137]  snd_seq_oss_midi_close+0x36e/0x4d0
[   72.483809][ T7137]  ? snd_seq_oss_midi_open_all+0xe0/0xe0
[   72.489459][ T7137]  ? tomoyo_execute_permission+0x470/0x470
[   72.495303][ T7137]  snd_seq_oss_synth_reset+0x418/0x860
[   72.500771][ T7137]  ? snd_seq_oss_synth_cleanup+0x460/0x460
[   72.506696][ T7137]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   72.513670][ T7137]  snd_seq_oss_reset+0x6f/0x290
[   72.518551][ T7137]  snd_seq_oss_ioctl+0xb7b/0xd40
[   72.523496][ T7137]  ? snd_seq_oss_midi_info_user+0x140/0x140
[   72.529425][ T7137]  ? __fget_files+0x294/0x400
[   72.534136][ T7137]  odev_ioctl+0x4f/0x90
[   72.538394][ T7137]  ? odev_open+0x90/0x90
[   72.542679][ T7137]  ksys_ioctl+0x11a/0x180
[   72.547026][ T7137]  __x64_sys_ioctl+0x6f/0xb0
[   72.551608][ T7137]  ? lockdep_hardirqs_on+0x6a/0xe0
[   72.556719][ T7137]  do_syscall_64+0x60/0xe0
[   72.561129][ T7137]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   72.567020][ T7137] RIP: 0033:0x45cc79
[   72.570916][ T7137] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   72.590520][ T7137] RSP: 002b:00007fbd53ee6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   72.598928][ T7137] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cc79
[   72.606911][ T7137] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[   72.614874][ T7137] RBP: 000000000078bf38 R08: 0000000000000000 R09: 0000000000000000
[   72.622837][ T7137] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[   72.630800][ T7137] R13: 00007fffd9c30def R14: 00007fbd53ee79c0 R15: 000000000078bf0c
[   72.638786][ T7137] 
[   72.641101][ T7137] Allocated by task 7137:
[   72.645440][ T7137]  save_stack+0x1b/0x40
[   72.649587][ T7137]  __kasan_kmalloc.constprop.0+0xc2/0xd0
[   72.655207][ T7137]  kmem_cache_alloc_trace+0x14f/0x2d0
[   72.660571][ T7137]  snd_seq_port_connect+0x5d/0x520
[   72.665670][ T7137]  snd_seq_ioctl_subscribe_port+0x1fc/0x400
[   72.671564][ T7137]  snd_seq_kernel_client_ctl+0xeb/0x130
[   72.677124][ T7137]  snd_seq_oss_midi_open+0x466/0x6e0
[   72.682411][ T7137]  snd_seq_oss_synth_setup_midi+0x123/0x520
[   72.688322][ T7137]  snd_seq_oss_open+0x87e/0xa10
[   72.693175][ T7137]  odev_open+0x6c/0x90
[   72.697242][ T7137]  soundcore_open+0x445/0x600
[   72.701921][ T7137]  chrdev_open+0x266/0x770
[   72.706343][ T7137]  do_dentry_open+0x501/0x1290
[   72.711115][ T7137]  path_openat+0x1bb9/0x2750
[   72.715690][ T7137]  do_filp_open+0x17e/0x3c0
[   72.720178][ T7137]  do_sys_openat2+0x16f/0x3b0
[   72.724838][ T7137]  __x64_sys_openat+0x13f/0x1f0
[   72.729701][ T7137]  do_syscall_64+0x60/0xe0
[   72.734144][ T7137]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   72.740028][ T7137] 
[   72.742425][ T7137] Freed by task 7138:
[   72.746394][ T7137]  save_stack+0x1b/0x40
[   72.750529][ T7137]  __kasan_slab_free+0xf5/0x140
[   72.755367][ T7137]  kfree+0x103/0x2c0
[   72.759249][ T7137]  snd_seq_port_disconnect+0x4c1/0x5c0
[   72.764694][ T7137]  snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[   72.770766][ T7137]  snd_seq_kernel_client_ctl+0xeb/0x130
[   72.776301][ T7137]  snd_seq_oss_midi_close+0x36e/0x4d0
[   72.781663][ T7137]  snd_seq_oss_synth_reset+0x418/0x860
[   72.787116][ T7137]  snd_seq_oss_reset+0x6f/0x290
[   72.791970][ T7137]  snd_seq_oss_ioctl+0xb7b/0xd40
[   72.796890][ T7137]  odev_ioctl+0x4f/0x90
[   72.801042][ T7137]  ksys_ioctl+0x11a/0x180
[   72.805351][ T7137]  __x64_sys_ioctl+0x6f/0xb0
[   72.809925][ T7137]  do_syscall_64+0x60/0xe0
[   72.814323][ T7137]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   72.820186][ T7137] 
[   72.822504][ T7137] The buggy address belongs to the object at ffff88809e575900
[   72.822504][ T7137]  which belongs to the cache kmalloc-128 of size 128
[   72.836556][ T7137] The buggy address is located 0 bytes inside of
[   72.836556][ T7137]  128-byte region [ffff88809e575900, ffff88809e575980)
[   72.849649][ T7137] The buggy address belongs to the page:
[   72.855272][ T7137] page:ffffea0002795d40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[   72.864361][ T7137] flags: 0xfffe0000000200(slab)
[   72.869213][ T7137] raw: 00fffe0000000200 ffffea0002783f48 ffffea0002997b08 ffff8880aa000700
[   72.877892][ T7137] raw: 0000000000000000 ffff88809e575000 0000000100000010 0000000000000000
[   72.886458][ T7137] page dumped because: kasan: bad access detected
[   72.892867][ T7137] 
[   72.895257][ T7137] Memory state around the buggy address:
[   72.900875][ T7137]  ffff88809e575800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.908944][ T7137]  ffff88809e575880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.917034][ T7137] >ffff88809e575900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.925125][ T7137]                    ^
[   72.929182][ T7137]  ffff88809e575980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.937228][ T7137]  ffff88809e575a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.945272][ T7137] ==================================================================
[   72.953320][ T7137] Disabling lock debugging due to kernel taint
[   72.959464][ T7137] Kernel panic - not syncing: panic_on_warn set ...
[   72.966031][ T7137] CPU: 0 PID: 7137 Comm: syz-executor.0 Tainted: G    B             5.8.0-rc7-syzkaller #0
[   72.975979][ T7137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.986034][ T7137] Call Trace:
[   72.989310][ T7137]  dump_stack+0x18f/0x20d
[   72.993638][ T7137]  panic+0x2e3/0x75c
[   72.997530][ T7137]  ? __warn_printk+0xf3/0xf3
[   73.002098][ T7137]  ? _raw_spin_unlock_irqrestore+0x5b/0xe0
[   73.007899][ T7137]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[   73.013514][ T7137]  end_report+0x4d/0x53
[   73.017657][ T7137]  kasan_report_invalid_free+0x6d/0x80
[   73.023107][ T7137]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[   73.028720][ T7137]  __kasan_slab_free+0x127/0x140
[   73.033659][ T7137]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[   73.039391][ T7137]  kfree+0x103/0x2c0
[   73.043272][ T7137]  snd_seq_port_disconnect+0x4c1/0x5c0
[   73.048717][ T7137]  snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[   73.054770][ T7137]  ? snd_seq_ioctl_running_mode+0x180/0x180
[   73.060687][ T7137]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[   73.066498][ T7137]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   73.072470][ T7137]  snd_seq_kernel_client_ctl+0xeb/0x130
[   73.078046][ T7137]  snd_seq_oss_midi_close+0x36e/0x4d0
[   73.083409][ T7137]  ? snd_seq_oss_midi_open_all+0xe0/0xe0
[   73.089036][ T7137]  ? tomoyo_execute_permission+0x470/0x470
[   73.094831][ T7137]  snd_seq_oss_synth_reset+0x418/0x860
[   73.100277][ T7137]  ? snd_seq_oss_synth_cleanup+0x460/0x460
[   73.106667][ T7137]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   73.112544][ T7137]  snd_seq_oss_reset+0x6f/0x290
[   73.117383][ T7137]  snd_seq_oss_ioctl+0xb7b/0xd40
[   73.122309][ T7137]  ? snd_seq_oss_midi_info_user+0x140/0x140
[   73.128189][ T7137]  ? __fget_files+0x294/0x400
[   73.132921][ T7137]  odev_ioctl+0x4f/0x90
[   73.137072][ T7137]  ? odev_open+0x90/0x90
[   73.141303][ T7137]  ksys_ioctl+0x11a/0x180
[   73.145625][ T7137]  __x64_sys_ioctl+0x6f/0xb0
[   73.150216][ T7137]  ? lockdep_hardirqs_on+0x6a/0xe0
[   73.155312][ T7137]  do_syscall_64+0x60/0xe0
[   73.159731][ T7137]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   73.165626][ T7137] RIP: 0033:0x45cc79
[   73.169526][ T7137] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   73.189303][ T7137] RSP: 002b:00007fbd53ee6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   73.197715][ T7137] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cc79
[   73.205701][ T7137] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[   73.213657][ T7137] RBP: 000000000078bf38 R08: 0000000000000000 R09: 0000000000000000
[   73.221612][ T7137] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[   73.229566][ T7137] R13: 00007fffd9c30def R14: 00007fbd53ee79c0 R15: 000000000078bf0c
[   73.238560][ T7137] Kernel Offset: disabled
[   73.242899][ T7137] Rebooting in 86400 seconds..