[ OK ] Started Daily apt download activities.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
Starting OpenBSD Secure Shell server...
[ OK ] Started Regular background program processing daemon.
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.253' (ECDSA) to the list of known hosts.
2020/07/31 12:23:37 parsed 1 programs
2020/07/31 12:23:37 executed programs: 0
syzkaller login: [ 68.741481][ T27] audit: type=1400 audit(1596198217.355:8): avc: denied { execmem } for pid=6853 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 68.776018][ T6854] IPVS: ftp: loaded support on port[0] = 21
[ 68.881399][ T6854] chnl_net:caif_netlink_parms(): no params data found
[ 68.930980][ T6854] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.938811][ T6854] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.947326][ T6854] device bridge_slave_0 entered promiscuous mode
[ 68.956307][ T6854] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.963629][ T6854] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.971375][ T6854] device bridge_slave_1 entered promiscuous mode
[ 68.993234][ T6854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.005344][ T6854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.027003][ T6854] team0: Port device team_slave_0 added
[ 69.035000][ T6854] team0: Port device team_slave_1 added
[ 69.052007][ T6854] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.059315][ T6854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.085246][ T6854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.097661][ T6854] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.104687][ T6854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.131196][ T6854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 69.196273][ T6854] device hsr_slave_0 entered promiscuous mode
[ 69.234534][ T6854] device hsr_slave_1 entered promiscuous mode
[ 69.360655][ T6854] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 69.437065][ T6854] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 69.485519][ T6854] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 69.525354][ T6854] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 69.589644][ T6854] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.596920][ T6854] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 69.605172][ T6854] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.612230][ T6854] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 69.658174][ T6854] 8021q: adding VLAN 0 to HW filter on device bond0
[ 69.672319][ T3670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 69.682457][ T3670] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.691040][ T3670] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.700178][ T3670] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 69.714420][ T6854] 8021q: adding VLAN 0 to HW filter on device team0
[ 69.725552][ T2494] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 69.734180][ T2494] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.741236][ T2494] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 69.754024][ T3670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 69.762384][ T3670] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.769498][ T3670] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 69.795247][ T2494] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 69.804389][ T2494] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 69.812682][ T2494] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 69.828051][ T6854] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 69.839704][ T6854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 69.848511][ T2494] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 69.857128][ T2494] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 69.877998][ T3670] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 69.886001][ T3670] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 69.900979][ T6854] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 69.920265][ T3670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 69.929950][ T3670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 69.953743][ T3670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 69.962238][ T3670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 69.971890][ T6854] device veth0_vlan entered promiscuous mode
[ 69.979079][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 69.987681][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 70.001962][ T6854] device veth1_vlan entered promiscuous mode
[ 70.022364][ T2494] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 70.030628][ T2494] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 70.039710][ T2494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 70.048615][ T2494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 70.060777][ T6854] device veth0_macvtap entered promiscuous mode
[ 70.071551][ T6854] device veth1_macvtap entered promiscuous mode
[ 70.088834][ T6854] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 70.096707][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 70.106327][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 70.114642][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 70.123965][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 70.135670][ T6854] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 70.144654][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 70.154026][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 73.453902][ T12] Bluetooth: hci0: command 0x0409 tx timeout
2020/07/31 12:23:42 executed programs: 53
[ 73.800094][ T7278] ==================================================================
[ 73.808432][ T7278] BUG: KASAN: double-free or invalid-free in snd_seq_port_disconnect+0x4c1/0x5c0
[ 73.817512][ T7278]
[ 73.819826][ T7278] CPU: 0 PID: 7278 Comm: syz-executor.0 Not tainted 5.8.0-rc7-syzkaller #0
[ 73.828379][ T7278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 73.838413][ T7278] Call Trace:
[ 73.841688][ T7278] dump_stack+0x18f/0x20d
[ 73.846014][ T7278] print_address_description.constprop.0.cold+0xae/0x436
[ 73.853031][ T7278] ? lockdep_hardirqs_off+0x66/0xa0
[ 73.858205][ T7278] ? vprintk_func+0x97/0x1a6
[ 73.862775][ T7278] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 73.868435][ T7278] kasan_report_invalid_free+0x51/0x80
[ 73.873870][ T7278] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 73.879475][ T7278] __kasan_slab_free+0x127/0x140
[ 73.884428][ T7278] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 73.890069][ T7278] kfree+0x103/0x2c0
[ 73.893946][ T7278] snd_seq_port_disconnect+0x4c1/0x5c0
[ 73.899397][ T7278] snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 73.905472][ T7278] ? snd_seq_ioctl_running_mode+0x180/0x180
[ 73.911350][ T7278] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 73.917137][ T7278] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 73.923102][ T7278] snd_seq_kernel_client_ctl+0xeb/0x130
[ 73.928716][ T7278] snd_seq_oss_midi_close+0x36e/0x4d0
[ 73.934192][ T7278] ? snd_seq_oss_midi_open_all+0xe0/0xe0
[ 73.939808][ T7278] ? tomoyo_execute_permission+0x470/0x470
[ 73.945651][ T7278] snd_seq_oss_synth_reset+0x418/0x860
[ 73.951101][ T7278] ? snd_seq_oss_synth_cleanup+0x460/0x460
[ 73.956977][ T7278] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 73.962853][ T7278] snd_seq_oss_reset+0x6f/0x290
[ 73.967732][ T7278] snd_seq_oss_ioctl+0xb7b/0xd40
[ 73.972647][ T7278] ? snd_seq_oss_midi_info_user+0x140/0x140
[ 73.978615][ T7278] ? __fget_files+0x294/0x400
[ 73.983272][ T7278] odev_ioctl+0x4f/0x90
[ 73.987410][ T7278] ? odev_open+0x90/0x90
[ 73.991628][ T7278] ksys_ioctl+0x11a/0x180
[ 73.995979][ T7278] __x64_sys_ioctl+0x6f/0xb0
[ 74.000655][ T7278] ? lockdep_hardirqs_on+0x6a/0xe0
[ 74.005748][ T7278] do_syscall_64+0x60/0xe0
[ 74.010142][ T7278] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.016017][ T7278] RIP: 0033:0x45cc79
[ 74.019889][ T7278] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 74.039509][ T7278] RSP: 002b:00007f6de4cbdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 74.047896][ T7278] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cc79
[ 74.055841][ T7278] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 74.063785][ T7278] RBP: 000000000078bfd8 R08: 0000000000000000 R09: 0000000000000000
[ 74.071730][ T7278] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 74.079676][ T7278] R13: 00007ffdb933aacf R14: 00007f6de4cbe9c0 R15: 000000000078bfac
[ 74.087658][ T7278]
[ 74.089964][ T7278] Allocated by task 7277:
[ 74.094274][ T7278] save_stack+0x1b/0x40
[ 74.098401][ T7278] __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 74.104006][ T7278] kmem_cache_alloc_trace+0x14f/0x2d0
[ 74.109349][ T7278] snd_seq_port_connect+0x5d/0x520
[ 74.114430][ T7278] snd_seq_ioctl_subscribe_port+0x1fc/0x400
[ 74.120300][ T7278] snd_seq_kernel_client_ctl+0xeb/0x130
[ 74.125839][ T7278] snd_seq_oss_midi_open+0x466/0x6e0
[ 74.131106][ T7278] snd_seq_oss_synth_setup_midi+0x123/0x520
[ 74.136970][ T7278] snd_seq_oss_open+0x87e/0xa10
[ 74.141794][ T7278] odev_open+0x6c/0x90
[ 74.145837][ T7278] soundcore_open+0x445/0x600
[ 74.150486][ T7278] chrdev_open+0x266/0x770
[ 74.154875][ T7278] do_dentry_open+0x501/0x1290
[ 74.159611][ T7278] path_openat+0x1bb9/0x2750
[ 74.164174][ T7278] do_filp_open+0x17e/0x3c0
[ 74.168650][ T7278] do_sys_openat2+0x16f/0x3b0
[ 74.173309][ T7278] __x64_sys_openat+0x13f/0x1f0
[ 74.178131][ T7278] do_syscall_64+0x60/0xe0
[ 74.182518][ T7278] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.188377][ T7278]
[ 74.190685][ T7278] Freed by task 7277:
[ 74.194669][ T7278] save_stack+0x1b/0x40
[ 74.198813][ T7278] __kasan_slab_free+0xf5/0x140
[ 74.203635][ T7278] kfree+0x103/0x2c0
[ 74.207505][ T7278] snd_seq_port_disconnect+0x4c1/0x5c0
[ 74.212936][ T7278] snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 74.218975][ T7278] snd_seq_kernel_client_ctl+0xeb/0x130
[ 74.224491][ T7278] snd_seq_oss_midi_close+0x36e/0x4d0
[ 74.229853][ T7278] snd_seq_oss_synth_reset+0x418/0x860
[ 74.235287][ T7278] snd_seq_oss_reset+0x6f/0x290
[ 74.240109][ T7278] snd_seq_oss_ioctl+0xb7b/0xd40
[ 74.245241][ T7278] odev_ioctl+0x4f/0x90
[ 74.249379][ T7278] ksys_ioctl+0x11a/0x180
[ 74.253693][ T7278] __x64_sys_ioctl+0x6f/0xb0
[ 74.258260][ T7278] do_syscall_64+0x60/0xe0
[ 74.262656][ T7278] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.268529][ T7278]
[ 74.270843][ T7278] The buggy address belongs to the object at ffff8880a46bea00
[ 74.270843][ T7278] which belongs to the cache kmalloc-128 of size 128
[ 74.284871][ T7278] The buggy address is located 0 bytes inside of
[ 74.284871][ T7278] 128-byte region [ffff8880a46bea00, ffff8880a46bea80)
[ 74.297939][ T7278] The buggy address belongs to the page:
[ 74.303553][ T7278] page:ffffea000291af80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 74.312630][ T7278] flags: 0xfffe0000000200(slab)
[ 74.317464][ T7278] raw: 00fffe0000000200 ffffea00027baf08 ffffea0002422008 ffff8880aa000700
[ 74.326060][ T7278] raw: 0000000000000000 ffff8880a46be000 0000000100000010 0000000000000000
[ 74.334626][ T7278] page dumped because: kasan: bad access detected
[ 74.341009][ T7278]
[ 74.343344][ T7278] Memory state around the buggy address:
[ 74.348947][ T7278] ffff8880a46be900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 74.356987][ T7278] ffff8880a46be980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 74.365023][ T7278] >ffff8880a46bea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.373057][ T7278] ^
[ 74.377099][ T7278] ffff8880a46bea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 74.385178][ T7278] ffff8880a46beb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 74.393215][ T7278] ==================================================================
[ 74.401262][ T7278] Disabling lock debugging due to kernel taint
[ 74.407396][ T7278] Kernel panic - not syncing: panic_on_warn set ...
[ 74.413965][ T7278] CPU: 0 PID: 7278 Comm: syz-executor.0 Tainted: G B 5.8.0-rc7-syzkaller #0
[ 74.423906][ T7278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.433934][ T7278] Call Trace:
[ 74.437209][ T7278] dump_stack+0x18f/0x20d
[ 74.441519][ T7278] panic+0x2e3/0x75c
[ 74.445507][ T7278] ? __warn_printk+0xf3/0xf3
[ 74.450072][ T7278] ? _raw_spin_unlock_irqrestore+0x5b/0xe0
[ 74.455876][ T7278] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 74.461568][ T7278] end_report+0x4d/0x53
[ 74.465698][ T7278] kasan_report_invalid_free+0x6d/0x80
[ 74.471128][ T7278] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 74.476731][ T7278] __kasan_slab_free+0x127/0x140
[ 74.481645][ T7278] ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 74.487268][ T7278] kfree+0x103/0x2c0
[ 74.491136][ T7278] snd_seq_port_disconnect+0x4c1/0x5c0
[ 74.496580][ T7278] snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 74.502618][ T7278] ? snd_seq_ioctl_running_mode+0x180/0x180
[ 74.508478][ T7278] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 74.514268][ T7278] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 74.520228][ T7278] snd_seq_kernel_client_ctl+0xeb/0x130
[ 74.525744][ T7278] snd_seq_oss_midi_close+0x36e/0x4d0
[ 74.531086][ T7278] ? snd_seq_oss_midi_open_all+0xe0/0xe0
[ 74.536799][ T7278] ? tomoyo_execute_permission+0x470/0x470
[ 74.542601][ T7278] snd_seq_oss_synth_reset+0x418/0x860
[ 74.548049][ T7278] ? snd_seq_oss_synth_cleanup+0x460/0x460
[ 74.553848][ T7278] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 74.559716][ T7278] snd_seq_oss_reset+0x6f/0x290
[ 74.564552][ T7278] snd_seq_oss_ioctl+0xb7b/0xd40
[ 74.569468][ T7278] ? snd_seq_oss_midi_info_user+0x140/0x140
[ 74.575354][ T7278] ? __fget_files+0x294/0x400
[ 74.580015][ T7278] odev_ioctl+0x4f/0x90
[ 74.584147][ T7278] ? odev_open+0x90/0x90
[ 74.588364][ T7278] ksys_ioctl+0x11a/0x180
[ 74.592683][ T7278] __x64_sys_ioctl+0x6f/0xb0
[ 74.597246][ T7278] ? lockdep_hardirqs_on+0x6a/0xe0
[ 74.602327][ T7278] do_syscall_64+0x60/0xe0
[ 74.606715][ T7278] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.612584][ T7278] RIP: 0033:0x45cc79
[ 74.616453][ T7278] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 74.636027][ T7278] RSP: 002b:00007f6de4cbdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 74.644412][ T7278] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cc79
[ 74.652355][ T7278] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 74.660295][ T7278] RBP: 000000000078bfd8 R08: 0000000000000000 R09: 0000000000000000
[ 74.668239][ T7278] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 74.676183][ T7278] R13: 00007ffdb933aacf R14: 00007f6de4cbe9c0 R15: 000000000078bfac
[ 74.685141][ T7278] Kernel Offset: disabled
[ 74.689454][ T7278] Rebooting in 86400 seconds..