[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.39' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 56.145439][ T6877] netlink: 8 bytes leftover after parsing attributes in process `syz-executor913'.
[ 56.148472][ T6882] netlink: 8 bytes leftover after parsing attributes in process `syz-executor913'.
[ 56.165004][ T6883] netlink: 8 bytes leftover after parsing attributes in process `syz-executor913'.
[ 56.167539][ T6884] netlink: 8 bytes leftover after parsing attributes in process `syz-executor913'.
[ 56.174627][ T6886] netlink: 8 bytes leftover after parsing attributes in process `syz-executor913'.
executing program
[ 56.189992][ T6884] ==================================================================
[ 56.201067][ T6884] BUG: KASAN: use-after-free in tipc_nl_publ_dump+0xd21/0xdd0
[ 56.208521][ T6884] Read of size 2 at addr ffff88809fbf1a84 by task syz-executor913/6884
[ 56.216731][ T6884]
[ 56.219042][ T6884] CPU: 1 PID: 6884 Comm: syz-executor913 Not tainted 5.8.0-rc2-syzkaller #0
[ 56.227747][ T6884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.237794][ T6884] Call Trace:
[ 56.241124][ T6884]  dump_stack+0x1f0/0x31e
[ 56.245444][ T6884]  print_address_description+0x66/0x5a0
[ 56.250976][ T6884]  ? vprintk_emit+0x342/0x3c0
[ 56.255632][ T6884]  ? printk+0x62/0x83
[ 56.259590][ T6884]  ? vprintk_emit+0x339/0x3c0
[ 56.264245][ T6884]  kasan_report+0x132/0x1d0
[ 56.268738][ T6884]  ? tipc_nl_publ_dump+0xd21/0xdd0
[ 56.273828][ T6884]  tipc_nl_publ_dump+0xd21/0xdd0
[ 56.278745][ T6884]  ? rcu_read_lock_sched_held+0x2f/0xa0
[ 56.284266][ T6884]  ? genl_lock_dumpit+0x64/0xa0
[ 56.289113][ T6884]  genl_lock_dumpit+0x86/0xa0
[ 56.293778][ T6884]  netlink_dump+0x4be/0x10d0
[ 56.298612][ T6884]  ? __netlink_dump_start+0x530/0x700
[ 56.303965][ T6884]  __netlink_dump_start+0x538/0x700
[ 56.309160][ T6884]  genl_rcv_msg+0xb03/0xe00
[ 56.313752][ T6884]  ? genl_rcv_msg+0xe00/0xe00
[ 56.318430][ T6884]  ? genl_start+0x570/0x570
[ 56.322932][ T6884]  ? genl_lock_dumpit+0xa0/0xa0
[ 56.327773][ T6884]  netlink_rcv_skb+0x190/0x3a0
[ 56.332518][ T6884]  ? genl_unbind+0x270/0x270
[ 56.337089][ T6884]  genl_rcv+0x24/0x40
[ 56.341046][ T6884]  netlink_unicast+0x786/0x940
[ 56.345824][ T6884]  netlink_sendmsg+0xa57/0xd70
[ 56.350610][ T6884]  ? netlink_getsockopt+0x9e0/0x9e0
[ 56.355785][ T6884]  ____sys_sendmsg+0x519/0x800
[ 56.360526][ T6884]  ? import_iovec+0x12a/0x2c0
[ 56.365188][ T6884]  __sys_sendmsg+0x2b1/0x360
[ 56.369770][ T6884]  ? do_raw_spin_unlock+0x134/0x8d0
[ 56.374949][ T6884]  ? check_preemption_disabled+0x40/0x240
[ 56.380699][ T6884]  ? check_preemption_disabled+0x40/0x240
[ 56.386402][ T6884]  ? check_preemption_disabled+0x40/0x240
[ 56.392097][ T6884]  ? do_syscall_64+0x1d/0xe0
[ 56.396664][ T6884]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.402702][ T6884]  do_syscall_64+0x73/0xe0
[ 56.407103][ T6884]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.413233][ T6884] RIP: 0033:0x445f09
[ 56.417097][ T6884] Code: Bad RIP value.
[ 56.421136][ T6884] RSP: 002b:00007fff40117028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.429525][ T6884] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445f09
[ 56.437845][ T6884] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 56.445797][ T6884] RBP: 00000000006d0018 R08: 0000000000000000 R09: 00000000004002e0
[ 56.453745][ T6884] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004030a0
[ 56.461868][ T6884] R13: 0000000000403130 R14: 0000000000000000 R15: 0000000000000000
[ 56.469855][ T6884]
[ 56.472162][ T6884] Allocated by task 6882:
[ 56.476478][ T6884]  __kasan_kmalloc+0x103/0x140
[ 56.481216][ T6884]  __alloc_skb+0xde/0x4f0
[ 56.485732][ T6884]  netlink_sendmsg+0x7b2/0xd70
[ 56.490484][ T6884]  ____sys_sendmsg+0x519/0x800
[ 56.495231][ T6884]  __sys_sendmsg+0x2b1/0x360
[ 56.499795][ T6884]  do_syscall_64+0x73/0xe0
[ 56.504185][ T6884]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.510049][ T6884]
[ 56.512354][ T6884] Freed by task 6882:
[ 56.516313][ T6884]  __kasan_slab_free+0x114/0x170
[ 56.521225][ T6884]  kfree+0x10a/0x220
[ 56.525102][ T6884]  __kfree_skb+0x56/0x1c0
[ 56.529410][ T6884]  netlink_unicast+0x78e/0x940
[ 56.534146][ T6884]  netlink_sendmsg+0xa57/0xd70
[ 56.538972][ T6884]  ____sys_sendmsg+0x519/0x800
[ 56.543709][ T6884]  __sys_sendmsg+0x2b1/0x360
[ 56.548272][ T6884]  do_syscall_64+0x73/0xe0
[ 56.552666][ T6884]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.558556][ T6884]
[ 56.560866][ T6884] The buggy address belongs to the object at ffff88809fbf1800
[ 56.560866][ T6884]  which belongs to the cache kmalloc-1k of size 1024
[ 56.574901][ T6884] The buggy address is located 644 bytes inside of
[ 56.574901][ T6884]  1024-byte region [ffff88809fbf1800, ffff88809fbf1c00)
[ 56.588260][ T6884] The buggy address belongs to the page:
[ 56.594238][ T6884] page:ffffea00027efc40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 56.603319][ T6884] flags: 0xfffe0000000200(slab)
[ 56.608167][ T6884] raw: 00fffe0000000200 ffffea000252f408 ffff8880aa401850 ffff8880aa400c40
[ 56.616743][ T6884] raw: 0000000000000000 ffff88809fbf1000 0000000100000002 0000000000000000
[ 56.625326][ T6884] page dumped because: kasan: bad access detected
[ 56.631712][ T6884]
[ 56.634014][ T6884] Memory state around the buggy address:
[ 56.639627][ T6884]  ffff88809fbf1980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.647734][ T6884]  ffff88809fbf1a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.656843][ T6884] >ffff88809fbf1a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.664892][ T6884]                    ^
[ 56.668957][ T6884]  ffff88809fbf1b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.676998][ T6884]  ffff88809fbf1b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.685032][ T6884] ==================================================================
[ 56.693073][ T6884] Disabling lock debugging due to kernel taint
[ 56.700343][ T6884] Kernel panic - not syncing: panic_on_warn set ...
[ 56.706935][ T6884] CPU: 1 PID: 6884 Comm: syz-executor913 Tainted: G B 5.8.0-rc2-syzkaller #0
[ 56.716987][ T6884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.727052][ T6884] Call Trace:
[ 56.730323][ T6884]  dump_stack+0x1f0/0x31e
[ 56.734626][ T6884]  panic+0x264/0x7a0
[ 56.738510][ T6884]  ? trace_hardirqs_on+0x30/0x80
[ 56.743426][ T6884]  kasan_report+0x1c9/0x1d0
[ 56.747907][ T6884]  ? tipc_nl_publ_dump+0xd21/0xdd0
[ 56.752990][ T6884]  tipc_nl_publ_dump+0xd21/0xdd0
[ 56.757903][ T6884]  ? rcu_read_lock_sched_held+0x2f/0xa0
[ 56.763423][ T6884]  ? genl_lock_dumpit+0x64/0xa0
[ 56.768244][ T6884]  genl_lock_dumpit+0x86/0xa0
[ 56.772894][ T6884]  netlink_dump+0x4be/0x10d0
[ 56.777467][ T6884]  ? __netlink_dump_start+0x530/0x700
[ 56.782814][ T6884]  __netlink_dump_start+0x538/0x700
[ 56.788007][ T6884]  genl_rcv_msg+0xb03/0xe00
[ 56.792485][ T6884]  ? genl_rcv_msg+0xe00/0xe00
[ 56.797133][ T6884]  ? genl_start+0x570/0x570
[ 56.801610][ T6884]  ? genl_lock_dumpit+0xa0/0xa0
[ 56.806444][ T6884]  netlink_rcv_skb+0x190/0x3a0
[ 56.811265][ T6884]  ? genl_unbind+0x270/0x270
[ 56.815835][ T6884]  genl_rcv+0x24/0x40
[ 56.819793][ T6884]  netlink_unicast+0x786/0x940
[ 56.824530][ T6884]  netlink_sendmsg+0xa57/0xd70
[ 56.829265][ T6884]  ? netlink_getsockopt+0x9e0/0x9e0
[ 56.834437][ T6884]  ____sys_sendmsg+0x519/0x800
[ 56.839171][ T6884]  ? import_iovec+0x12a/0x2c0
[ 56.843822][ T6884]  __sys_sendmsg+0x2b1/0x360
[ 56.848384][ T6884]  ? do_raw_spin_unlock+0x134/0x8d0
[ 56.853559][ T6884]  ? check_preemption_disabled+0x40/0x240
[ 56.859254][ T6884]  ? check_preemption_disabled+0x40/0x240
[ 56.864942][ T6884]  ? check_preemption_disabled+0x40/0x240
[ 56.870631][ T6884]  ? do_syscall_64+0x1d/0xe0
[ 56.875195][ T6884]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.881247][ T6884]  do_syscall_64+0x73/0xe0
[ 56.885653][ T6884]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.891516][ T6884] RIP: 0033:0x445f09
[ 56.895379][ T6884] Code: Bad RIP value.
[ 56.899417][ T6884] RSP: 002b:00007fff40117028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 56.907801][ T6884] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445f09
[ 56.915749][ T6884] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 56.923787][ T6884] RBP: 00000000006d0018 R08: 0000000000000000 R09: 00000000004002e0
[ 56.931756][ T6884] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004030a0
[ 56.939703][ T6884] R13: 0000000000403130 R14: 0000000000000000 R15: 0000000000000000
[ 56.949158][ T6884] Kernel Offset: disabled
[ 56.953472][ T6884] Rebooting in 86400 seconds..