[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.52' (ECDSA) to the list of known hosts.
2020/08/01 16:53:28 parsed 1 programs
2020/08/01 16:53:28 executed programs: 0

syzkaller login: [ 1050.179379][ T6842] IPVS: ftp: loaded support on port[0] = 21
[ 1050.266314][ T6842] chnl_net:caif_netlink_parms(): no params data found
[ 1050.317409][ T6842] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1050.325566][ T6842] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1050.334303][ T6842] device bridge_slave_0 entered promiscuous mode
[ 1050.343183][ T6842] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1050.350250][ T6842] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1050.358586][ T6842] device bridge_slave_1 entered promiscuous mode
[ 1050.378012][ T6842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1050.389593][ T6842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1050.410423][ T6842] team0: Port device team_slave_0 added
[ 1050.417768][ T6842] team0: Port device team_slave_1 added
[ 1050.435677][ T6842] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1050.443174][ T6842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1050.469911][ T6842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1050.483159][ T6842] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1050.490095][ T6842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1050.516752][ T6842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1050.594668][ T6842] device hsr_slave_0 entered promiscuous mode
[ 1050.642080][ T6842] device hsr_slave_1 entered promiscuous mode
[ 1050.763313][ T6842] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1050.805048][ T6842] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1050.874457][ T6842] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1050.914130][ T6842] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1050.977788][ T6842] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1050.984946][ T6842] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1050.992768][ T6842] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1050.999819][ T6842] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1051.042728][ T6842] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1051.055538][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1051.066189][ T3671] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1051.074729][ T3671] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1051.084232][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1051.097643][ T6842] 8021q: adding VLAN 0 to HW filter on device team0
[ 1051.108266][ T6812] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1051.117475][ T6812] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1051.124656][ T6812] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1051.136262][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1051.145491][ T3671] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1051.152578][ T3671] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1051.174046][ T2486] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1051.183545][ T2486] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1051.192726][ T2486] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1051.209400][ T6842] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1051.219935][ T6842] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1051.233754][ T6811] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1051.242936][ T6811] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1051.262552][ T6811] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1051.269929][ T6811] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1051.278046][ T6811] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1051.289853][ T6842] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1051.308542][ T2486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1051.317978][ T2486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1051.336910][ T6811] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1051.345477][ T6811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1051.356625][ T6842] device veth0_vlan entered promiscuous mode
[ 1051.365643][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1051.373481][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1051.389699][ T6842] device veth1_vlan entered promiscuous mode
[ 1051.410391][ T2486] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1051.419255][ T2486] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1051.427389][ T2486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1051.436034][ T2486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1051.446651][ T6842] device veth0_macvtap entered promiscuous mode
[ 1051.457489][ T6842] device veth1_macvtap entered promiscuous mode
[ 1051.473604][ T6842] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1051.480939][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1051.490069][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1051.498254][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1051.506922][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1051.518706][ T6842] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1051.526519][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1051.535509][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1054.633401][ T7250] ==================================================================
[ 1054.641903][ T7250] BUG: KASAN: double-free or invalid-free in snd_seq_port_disconnect+0x4c1/0x5c0
[ 1054.651006][ T7250]
[ 1054.653336][ T7250] CPU: 0 PID: 7250 Comm: syz-executor.0 Not tainted 5.8.0-rc7-syzkaller #0
[ 1054.661929][ T7250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1054.672041][ T7250] Call Trace:
[ 1054.675405][ T7250]  dump_stack+0x18f/0x20d
[ 1054.679833][ T7250]  print_address_description.constprop.0.cold+0xae/0x436
[ 1054.686932][ T7250]  ? lockdep_hardirqs_off+0x66/0xa0
[ 1054.692174][ T7250]  ? vprintk_func+0x97/0x1a6
[ 1054.696771][ T7250]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 1054.702404][ T7250]  kasan_report_invalid_free+0x51/0x80
[ 1054.707864][ T7250]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 1054.713494][ T7250]  __kasan_slab_free+0x127/0x140
[ 1054.718435][ T7250]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 1054.724218][ T7250]  kfree+0x103/0x2c0
[ 1054.728101][ T7250]  snd_seq_port_disconnect+0x4c1/0x5c0
[ 1054.733545][ T7250]  snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 1054.739589][ T7250]  ? snd_seq_ioctl_running_mode+0x180/0x180
[ 1054.745563][ T7250]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 1054.751395][ T7250]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 1054.757389][ T7250]  snd_seq_kernel_client_ctl+0xeb/0x130
[ 1054.762919][ T7250]  snd_seq_oss_midi_close+0x36e/0x4d0
[ 1054.768268][ T7250]  ? snd_seq_oss_midi_open_all+0xe0/0xe0
[ 1054.773941][ T7250]  ? tomoyo_execute_permission+0x470/0x470
[ 1054.779727][ T7250]  snd_seq_oss_synth_reset+0x418/0x860
[ 1054.785170][ T7250]  ? snd_seq_oss_synth_cleanup+0x460/0x460
[ 1054.791007][ T7250]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 1054.796887][ T7250]  snd_seq_oss_reset+0x6f/0x290
[ 1054.801725][ T7250]  snd_seq_oss_ioctl+0xb7b/0xd40
[ 1054.806651][ T7250]  ? snd_seq_oss_midi_info_user+0x140/0x140
[ 1054.812560][ T7250]  ? __fget_files+0x294/0x400
[ 1054.817220][ T7250]  odev_ioctl+0x4f/0x90
[ 1054.821362][ T7250]  ? odev_open+0x90/0x90
[ 1054.825627][ T7250]  ksys_ioctl+0x11a/0x180
[ 1054.829935][ T7250]  __x64_sys_ioctl+0x6f/0xb0
[ 1054.834507][ T7250]  ? lockdep_hardirqs_on+0x6a/0xe0
[ 1054.839647][ T7250]  do_syscall_64+0x60/0xe0
[ 1054.844040][ T7250]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1054.849907][ T7250] RIP: 0033:0x45cc79
[ 1054.853778][ T7250] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1054.873356][ T7250] RSP: 002b:00007f16f3cfcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1054.881784][ T7250] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cc79
[ 1054.889735][ T7250] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 1054.897689][ T7250] RBP: 000000000078bfd8 R08: 0000000000000000 R09: 0000000000000000
[ 1054.905645][ T7250] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 1054.913730][ T7250] R13: 00007ffd948318bf R14: 00007f16f3cfd9c0 R15: 000000000078bfac
[ 1054.921694][ T7250]
[ 1054.924103][ T7250] Allocated by task 7248:
[ 1054.928424][ T7250]  save_stack+0x1b/0x40
[ 1054.932565][ T7250]  __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 1054.938172][ T7250]  kmem_cache_alloc_trace+0x14f/0x2d0
[ 1054.943519][ T7250]  snd_seq_port_connect+0x5d/0x520
[ 1054.948603][ T7250]  snd_seq_ioctl_subscribe_port+0x1fc/0x400
[ 1054.954472][ T7250]  snd_seq_kernel_client_ctl+0xeb/0x130
[ 1054.959992][ T7250]  snd_seq_oss_midi_open+0x466/0x6e0
[ 1054.965250][ T7250]  snd_seq_oss_synth_setup_midi+0x123/0x520
[ 1054.971123][ T7250]  snd_seq_oss_open+0x87e/0xa10
[ 1054.975948][ T7250]  odev_open+0x6c/0x90
[ 1054.980056][ T7250]  soundcore_open+0x445/0x600
[ 1054.984712][ T7250]  chrdev_open+0x266/0x770
[ 1054.989172][ T7250]  do_dentry_open+0x501/0x1290
[ 1054.993913][ T7250]  path_openat+0x1bb9/0x2750
[ 1054.998476][ T7250]  do_filp_open+0x17e/0x3c0
[ 1055.002953][ T7250]  do_sys_openat2+0x16f/0x3b0
[ 1055.007602][ T7250]  __x64_sys_openat+0x13f/0x1f0
[ 1055.012451][ T7250]  do_syscall_64+0x60/0xe0
[ 1055.016843][ T7250]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1055.022700][ T7250]
[ 1055.025001][ T7250] Freed by task 7248:
[ 1055.028957][ T7250]  save_stack+0x1b/0x40
[ 1055.033102][ T7250]  __kasan_slab_free+0xf5/0x140
[ 1055.037941][ T7250]  kfree+0x103/0x2c0
[ 1055.041827][ T7250]  snd_seq_port_disconnect+0x4c1/0x5c0
[ 1055.047270][ T7250]  snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 1055.053316][ T7250]  snd_seq_kernel_client_ctl+0xeb/0x130
[ 1055.058835][ T7250]  snd_seq_oss_midi_close+0x36e/0x4d0
[ 1055.064193][ T7250]  snd_seq_oss_synth_reset+0x418/0x860
[ 1055.069628][ T7250]  snd_seq_oss_reset+0x6f/0x290
[ 1055.074453][ T7250]  snd_seq_oss_ioctl+0xb7b/0xd40
[ 1055.079370][ T7250]  odev_ioctl+0x4f/0x90
[ 1055.083509][ T7250]  ksys_ioctl+0x11a/0x180
[ 1055.087821][ T7250]  __x64_sys_ioctl+0x6f/0xb0
[ 1055.092386][ T7250]  do_syscall_64+0x60/0xe0
[ 1055.096776][ T7250]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1055.102636][ T7250]
[ 1055.104941][ T7250] The buggy address belongs to the object at ffff88808e826700
[ 1055.104941][ T7250]  which belongs to the cache kmalloc-128 of size 128
[ 1055.119065][ T7250] The buggy address is located 0 bytes inside of
[ 1055.119065][ T7250]  128-byte region [ffff88808e826700, ffff88808e826780)
[ 1055.132133][ T7250] The buggy address belongs to the page:
[ 1055.137750][ T7250] page:ffffea00023a0980 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 1055.146827][ T7250] flags: 0xfffe0000000200(slab)
[ 1055.151664][ T7250] raw: 00fffe0000000200 ffffea000262d288 ffffea0002722ec8 ffff8880aa000700
[ 1055.160232][ T7250] raw: 0000000000000000 ffff88808e826000 0000000100000010 0000000000000000
[ 1055.168785][ T7250] page dumped because: kasan: bad access detected
[ 1055.175172][ T7250]
[ 1055.177471][ T7250] Memory state around the buggy address:
[ 1055.183081][ T7250]  ffff88808e826600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1055.191115][ T7250]  ffff88808e826680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1055.199149][ T7250] >ffff88808e826700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1055.207179][ T7250]                    ^
[ 1055.211225][ T7250]  ffff88808e826780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1055.219263][ T7250]  ffff88808e826800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1055.227292][ T7250] ==================================================================
[ 1055.235322][ T7250] Disabling lock debugging due to kernel taint
[ 1055.241451][ T7250] Kernel panic - not syncing: panic_on_warn set ...
[ 1055.248010][ T7250] CPU: 0 PID: 7250 Comm: syz-executor.0 Tainted: G    B             5.8.0-rc7-syzkaller #0
[ 1055.258053][ T7250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1055.268077][ T7250] Call Trace:
[ 1055.271344][ T7250]  dump_stack+0x18f/0x20d
[ 1055.275724][ T7250]  panic+0x2e3/0x75c
[ 1055.279612][ T7250]  ? __warn_printk+0xf3/0xf3
[ 1055.284196][ T7250]  ? _raw_spin_unlock_irqrestore+0x5b/0xe0
[ 1055.289976][ T7250]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 1055.295580][ T7250]  end_report+0x4d/0x53
[ 1055.299709][ T7250]  kasan_report_invalid_free+0x6d/0x80
[ 1055.305171][ T7250]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 1055.310773][ T7250]  __kasan_slab_free+0x127/0x140
[ 1055.315699][ T7250]  ? snd_seq_port_disconnect+0x4c1/0x5c0
[ 1055.321347][ T7250]  kfree+0x103/0x2c0
[ 1055.325214][ T7250]  snd_seq_port_disconnect+0x4c1/0x5c0
[ 1055.330647][ T7250]  snd_seq_ioctl_unsubscribe_port+0x1fc/0x400
[ 1055.336688][ T7250]  ? snd_seq_ioctl_running_mode+0x180/0x180
[ 1055.342557][ T7250]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 1055.348368][ T7250]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 1055.354330][ T7250]  snd_seq_kernel_client_ctl+0xeb/0x130
[ 1055.359864][ T7250]  snd_seq_oss_midi_close+0x36e/0x4d0
[ 1055.365208][ T7250]  ? snd_seq_oss_midi_open_all+0xe0/0xe0
[ 1055.370817][ T7250]  ? tomoyo_execute_permission+0x470/0x470
[ 1055.376599][ T7250]  snd_seq_oss_synth_reset+0x418/0x860
[ 1055.382050][ T7250]  ? snd_seq_oss_synth_cleanup+0x460/0x460
[ 1055.387831][ T7250]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 1055.393695][ T7250]  snd_seq_oss_reset+0x6f/0x290
[ 1055.398518][ T7250]  snd_seq_oss_ioctl+0xb7b/0xd40
[ 1055.403426][ T7250]  ? snd_seq_oss_midi_info_user+0x140/0x140
[ 1055.409290][ T7250]  ? __fget_files+0x294/0x400
[ 1055.413941][ T7250]  odev_ioctl+0x4f/0x90
[ 1055.418066][ T7250]  ? odev_open+0x90/0x90
[ 1055.422278][ T7250]  ksys_ioctl+0x11a/0x180
[ 1055.426578][ T7250]  __x64_sys_ioctl+0x6f/0xb0
[ 1055.431140][ T7250]  ? lockdep_hardirqs_on+0x6a/0xe0
[ 1055.436221][ T7250]  do_syscall_64+0x60/0xe0
[ 1055.440608][ T7250]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1055.446469][ T7250] RIP: 0033:0x45cc79
[ 1055.450338][ T7250] Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1055.469912][ T7250] RSP: 002b:00007f16f3cfcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1055.478293][ T7250] RAX: ffffffffffffffda RBX: 00000000000154c0 RCX: 000000000045cc79
[ 1055.486236][ T7250] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000003
[ 1055.494177][ T7250] RBP: 000000000078bfd8 R08: 0000000000000000 R09: 0000000000000000
[ 1055.502120][ T7250] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bfac
[ 1055.510065][ T7250] R13: 00007ffd948318bf R14: 00007f16f3cfd9c0 R15: 000000000078bfac
[ 1055.519445][ T7250] Kernel Offset: disabled
[ 1055.523758][ T7250] Rebooting in 86400 seconds..