Starting Load/Save RF Kill Switch Status...
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.217' (ECDSA) to the list of known hosts.
2020/08/01 15:10:56 parsed 1 programs
2020/08/01 15:10:56 executed programs: 0
syzkaller login: [ 60.688767][ T6845] IPVS: ftp: loaded support on port[0] = 21
[ 60.788351][ T6845] chnl_net:caif_netlink_parms(): no params data found
[ 60.840550][ T6845] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.849497][ T6845] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.858572][ T6845] device bridge_slave_0 entered promiscuous mode
[ 60.868233][ T6845] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.875912][ T6845] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.884153][ T6845] device bridge_slave_1 entered promiscuous mode
[ 60.904972][ T6845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 60.916104][ T6845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 60.939388][ T6845] team0: Port device team_slave_0 added
[ 60.947850][ T6845] team0: Port device team_slave_1 added
[ 60.965078][ T6845] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 60.972179][ T6845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 60.998995][ T6845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 61.012359][ T6845] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 61.019322][ T6845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 61.046683][ T6845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 61.114595][ T6845] device hsr_slave_0 entered promiscuous mode
[ 61.172497][ T6845] device hsr_slave_1 entered promiscuous mode
[ 61.309010][ T6845] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 61.345763][ T6845] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 61.394791][ T6845] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 61.434139][ T6845] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 61.509307][ T6845] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.516526][ T6845] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.525786][ T6845] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.532931][ T6845] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.577652][ T6845] 8021q: adding VLAN 0 to HW filter on device bond0
[ 61.594248][ T2684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 61.605108][ T2684] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.614483][ T2684] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.623281][ T2684] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 61.636773][ T6845] 8021q: adding VLAN 0 to HW filter on device team0
[ 61.648160][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.657456][ T33] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.664631][ T33] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.683563][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.692672][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.699741][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.724939][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 61.733968][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 61.742772][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 61.751110][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 61.762354][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 61.784408][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 61.795241][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 61.810170][ T6845] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 61.830068][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 61.840822][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 61.867045][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 61.876118][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 61.886847][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 61.896649][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 61.907236][ T6845] device veth0_vlan entered promiscuous mode
[ 61.919037][ T6845] device veth1_vlan entered promiscuous mode
[ 61.940299][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 61.949127][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 61.957947][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 61.966895][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 61.980372][ T6845] device veth0_macvtap entered promiscuous mode
[ 61.992285][ T6845] device veth1_macvtap entered promiscuous mode
[ 62.009254][ T6845] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 62.018570][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 62.028012][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 62.036547][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 62.048174][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 62.063166][ T6845] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 62.072610][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 62.082978][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 63.838334][ T7106] ==================================================================
[ 63.846911][ T7106] BUG: KASAN: double-free or invalid-free in snd_seq_port_disconnect+0x4c1/0x5c0
[ 63.856038][ T7106]
[ 63.858986][ T7106] CPU: 0 PID: 7106 Comm: syz-executor.0 Not tainted 5.8.0-rc7-syzkaller #0
[ 63.867557][ T7106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.877600][ T7106] Call Trace:
[ 63.880912][ T7106]  dump_stack+0x18f/0x20d
[ 63.885238][ T7106]  print_address_description.constprop.0.cold+0xae/0x436
[ 63.892273][ T7106]  ? lockdep_hardirqs_off+0x66/0xa0
[ 63.898544][ T7106]  ? vprintk_func+0x97/0x1a6
[ 63.903149][ T7106]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 63.908783][ T7106]  kasan_report_invalid_free+0x51/0x80
[ 63.914276][ T7106]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 63.919942][ T7106]  __kasan_slab_free+0x127/0x140
[ 63.925513][ T7106]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 63.931593][ T7106]  kfree+0x103/0x2c0
[ 63.935511][ T7106]  snd_seq_port_disconnect+0x4c1/0x5c0
[ 63.940993][ T7106]  snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 63.948813][ T7106]  ? snd_seq_ioctl_running_mode+0x180/0x180
[ 63.954879][ T7106]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 63.960810][ T7106]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 63.967103][ T7106]  snd_seq_kernel_client_ctl+0xeb/0x130
[ 63.972675][ T7106]  snd_seq_oss_midi_close+0x36e/0x4d0
[ 63.978063][ T7106]  ? snd_seq_oss_midi_open_all+0xe0/0xe0
[ 63.983986][ T7106]  ? tomoyo_execute_permission+0x470/0x470
[ 63.989797][ T7106]  snd_seq_oss_synth_reset+0x418/0x860
[ 63.995467][ T7106]  ? snd_seq_oss_synth_cleanup+0x460/0x460
[ 64.001292][ T7106]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 64.007304][ T7106]  snd_seq_oss_reset+0x6f/0x290
[ 64.012828][ T7106]  snd_seq_oss_ioctl+0xb7b/0xd40
[ 64.018320][ T7106]  ? snd_seq_oss_midi_info_user+0x140/0x140
[ 64.024494][ T7106]  ? __fget_files+0x294/0x400
[ 64.029182][ T7106]  odev_ioctl+0x4f/0x90
[ 64.033351][ T7106]  ? odev_open+0x90/0x90
[ 64.037626][ T7106]  ksys_ioctl+0x11a/0x180
[ 64.042274][ T7106]  __x64_sys_ioctl+0x6f/0xb0
[ 64.046976][ T7106]  ? lockdep_hardirqs_on+0x6a/0xe0
[ 64.052199][ T7106]  do_syscall_64+0x60/0xe0
[ 64.056873][ T7106]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.065053][ T7106] RIP: 0033:0x45cc79
[ 64.070858][ T7106] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.092226][ T7106] RSP: 002b:00007f6bf0da1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 64.100829][ T7106] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cc79
[ 64.109509][ T7106] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 64.130084][ T7106] RBP: 000000000078bfd8 R08: 0000000000000000 R09: 0000000000000000
[ 64.138064][ T7106] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 64.146052][ T7106] R13: 00007ffccb5ccbdf R14: 00007f6bf0da29c0 R15: 000000000078bfac
[ 64.154039][ T7106]
[ 64.156380][ T7106] Allocated by task 7104:
[ 64.160731][ T7106]  save_stack+0x1b/0x40
[ 64.165006][ T7106]  __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 64.170665][ T7106]  kmem_cache_alloc_trace+0x14f/0x2d0
[ 64.180375][ T7106]  snd_seq_port_connect+0x5d/0x520
[ 64.185497][ T7106]  snd_seq_ioctl_subscribe_port+0x1fc/0x400
[ 64.191514][ T7106]  snd_seq_kernel_client_ctl+0xeb/0x130
[ 64.199282][ T7106]  snd_seq_oss_midi_open+0x466/0x6e0
[ 64.210215][ T7106]  snd_seq_oss_synth_setup_midi+0x123/0x520
[ 64.216102][ T7106]  snd_seq_oss_open+0x87e/0xa10
[ 64.221595][ T7106]  odev_open+0x6c/0x90
[ 64.227164][ T7106]  soundcore_open+0x445/0x600
[ 64.234706][ T7106]  chrdev_open+0x266/0x770
[ 64.240035][ T7106]  do_dentry_open+0x501/0x1290
[ 64.245141][ T7106]  path_openat+0x1bb9/0x2750
[ 64.249810][ T7106]  do_filp_open+0x17e/0x3c0
[ 64.254313][ T7106]  do_sys_openat2+0x16f/0x3b0
[ 64.259438][ T7106]  __x64_sys_openat+0x13f/0x1f0
[ 64.264809][ T7106]  do_syscall_64+0x60/0xe0
[ 64.269484][ T7106]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.275975][ T7106]
[ 64.278309][ T7106] Freed by task 7104:
[ 64.282381][ T7106]  save_stack+0x1b/0x40
[ 64.286622][ T7106]  __kasan_slab_free+0xf5/0x140
[ 64.291508][ T7106]  kfree+0x103/0x2c0
[ 64.295419][ T7106]  snd_seq_port_disconnect+0x4c1/0x5c0
[ 64.302274][ T7106]  snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 64.313921][ T7106]  snd_seq_kernel_client_ctl+0xeb/0x130
[ 64.320086][ T7106]  snd_seq_oss_midi_close+0x36e/0x4d0
[ 64.325979][ T7106]  snd_seq_oss_synth_reset+0x418/0x860
[ 64.331448][ T7106]  snd_seq_oss_reset+0x6f/0x290
[ 64.336380][ T7106]  snd_seq_oss_ioctl+0xb7b/0xd40
[ 64.341312][ T7106]  odev_ioctl+0x4f/0x90
[ 64.345635][ T7106]  ksys_ioctl+0x11a/0x180
[ 64.349962][ T7106]  __x64_sys_ioctl+0x6f/0xb0
[ 64.354826][ T7106]  do_syscall_64+0x60/0xe0
[ 64.359303][ T7106]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.365302][ T7106]
[ 64.367630][ T7106] The buggy address belongs to the object at ffff88809ecfa000
[ 64.367630][ T7106]  which belongs to the cache kmalloc-128 of size 128
[ 64.382045][ T7106] The buggy address is located 0 bytes inside of
[ 64.382045][ T7106]  128-byte region [ffff88809ecfa000, ffff88809ecfa080)
[ 64.396626][ T7106] The buggy address belongs to the page:
[ 64.402282][ T7106] page:ffffea00027b3e80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 64.411475][ T7106] flags: 0xfffe0000000200(slab)
[ 64.416352][ T7106] raw: 00fffe0000000200 ffffea00025342c8 ffffea00027f77c8 ffff8880aa000700
[ 64.426168][ T7106] raw: 0000000000000000 ffff88809ecfa000 0000000100000010 0000000000000000
[ 64.434753][ T7106] page dumped because: kasan: bad access detected
[ 64.441568][ T7106]
[ 64.444899][ T7106] Memory state around the buggy address:
[ 64.453838][ T7106]  ffff88809ecf9f00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 64.463159][ T7106]  ffff88809ecf9f80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 64.471235][ T7106] >ffff88809ecfa000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.480689][ T7106]                    ^
[ 64.484767][ T7106]  ffff88809ecfa080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.492832][ T7106]  ffff88809ecfa100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.500881][ T7106] ==================================================================
[ 64.509131][ T7106] Disabling lock debugging due to kernel taint
[ 64.515885][ T7106] Kernel panic - not syncing: panic_on_warn set ...
[ 64.523461][ T7106] CPU: 0 PID: 7106 Comm: syz-executor.0 Tainted: G B 5.8.0-rc7-syzkaller #0
[ 64.533508][ T7106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.544539][ T7106] Call Trace:
[ 64.547834][ T7106]  dump_stack+0x18f/0x20d
[ 64.552166][ T7106]  panic+0x2e3/0x75c
[ 64.556067][ T7106]  ? __warn_printk+0xf3/0xf3
[ 64.560911][ T7106]  ? _raw_spin_unlock_irqrestore+0x5b/0xe0
[ 64.566709][ T7106]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 64.572332][ T7106]  end_report+0x4d/0x53
[ 64.576481][ T7106]  kasan_report_invalid_free+0x6d/0x80
[ 64.581942][ T7106]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 64.588765][ T7106]  __kasan_slab_free+0x127/0x140
[ 64.593734][ T7106]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 64.599370][ T7106]  kfree+0x103/0x2c0
[ 64.603279][ T7106]  snd_seq_port_disconnect+0x4c1/0x5c0
[ 64.608738][ T7106]  snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 64.614798][ T7106]  ? snd_seq_ioctl_running_mode+0x180/0x180
[ 64.620955][ T7106]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 64.626765][ T7106]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 64.633386][ T7106]  snd_seq_kernel_client_ctl+0xeb/0x130
[ 64.639888][ T7106]  snd_seq_oss_midi_close+0x36e/0x4d0
[ 64.645370][ T7106]  ? snd_seq_oss_midi_open_all+0xe0/0xe0
[ 64.651097][ T7106]  ? tomoyo_execute_permission+0x470/0x470
[ 64.657002][ T7106]  snd_seq_oss_synth_reset+0x418/0x860
[ 64.662472][ T7106]  ? snd_seq_oss_synth_cleanup+0x460/0x460
[ 64.668282][ T7106]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 64.674164][ T7106]  snd_seq_oss_reset+0x6f/0x290
[ 64.679029][ T7106]  snd_seq_oss_ioctl+0xb7b/0xd40
[ 64.683983][ T7106]  ? snd_seq_oss_midi_info_user+0x140/0x140
[ 64.690041][ T7106]  ? __fget_files+0x294/0x400
[ 64.694709][ T7106]  odev_ioctl+0x4f/0x90
[ 64.699921][ T7106]  ? odev_open+0x90/0x90
[ 64.704155][ T7106]  ksys_ioctl+0x11a/0x180
[ 64.708485][ T7106]  __x64_sys_ioctl+0x6f/0xb0
[ 64.713076][ T7106]  ? lockdep_hardirqs_on+0x6a/0xe0
[ 64.718195][ T7106]  do_syscall_64+0x60/0xe0
[ 64.722708][ T7106]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.728608][ T7106] RIP: 0033:0x45cc79
[ 64.732511][ T7106] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.752540][ T7106] RSP: 002b:00007f6bf0da1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 64.760979][ T7106] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cc79
[ 64.771217][ T7106] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 64.779189][ T7106] RBP: 000000000078bfd8 R08: 0000000000000000 R09: 0000000000000000
[ 64.788155][ T7106] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 64.796125][ T7106] R13: 00007ffccb5ccbdf R14: 00007f6bf0da29c0 R15: 000000000078bfac
[ 64.804725][ T7106] Kernel Offset: disabled
[ 64.809051][ T7106] Rebooting in 86400 seconds..