[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
Starting System Logging Service...
[ 50.703962][ T6471] sshd (6471) used greatest stack depth: 23304 bytes left
[ OK ] Started Permit User Sessions.
[ OK ] Started System Logging Service.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.98' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 70.106745][ T28] audit: type=1400 audit(1593401507.447:8): avc: denied { execmem } for pid=6807 comm="syz-executor440" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 70.120848][ T6815] netlink: 8 bytes leftover after parsing attributes in process `syz-executor440'.
[ 70.136126][ T6814] netlink: 8 bytes leftover after parsing attributes in process `syz-executor440'.
[ 70.140267][ T6816] netlink: 8 bytes leftover after parsing attributes in process `syz-executor440'.
executing program
[ 70.155009][ T6818] netlink: 8 bytes leftover after parsing attributes in process `syz-executor440'.
[ 70.160603][ T6817] netlink: 8 bytes leftover after parsing attributes in process `syz-executor440'.
[ 70.166155][ T6819] netlink: 8 bytes leftover after parsing attributes in process `syz-executor440'.
[ 70.180497][ T6816] ==================================================================
[ 70.193297][ T6816] BUG: KASAN: use-after-free in tipc_nl_publ_dump+0xae0/0xce0
[ 70.200868][ T6816] Read of size 2 at addr ffff88809037fa84 by task syz-executor440/6816
[ 70.209416][ T6816]
[ 70.211735][ T6816] CPU: 0 PID: 6816 Comm: syz-executor440 Not tainted 5.8.0-rc2-syzkaller #0
[ 70.220560][ T6816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.230774][ T6816] Call Trace:
[ 70.234065][ T6816] dump_stack+0x18f/0x20d
[ 70.238631][ T6816] ? tipc_nl_publ_dump+0xae0/0xce0
[ 70.243946][ T6816] ? tipc_nl_publ_dump+0xae0/0xce0
[ 70.249049][ T6816] print_address_description.constprop.0.cold+0xae/0x436
[ 70.256061][ T6816] ? vprintk_func+0x97/0x1a6
[ 70.260749][ T6816] ? tipc_nl_publ_dump+0xae0/0xce0
[ 70.266488][ T6816] kasan_report.cold+0x1f/0x37
[ 70.271253][ T6816] ? tipc_nl_publ_dump+0xae0/0xce0
[ 70.276453][ T6816] tipc_nl_publ_dump+0xae0/0xce0
[ 70.281398][ T6816] ? __mutex_lock+0x626/0x10d0
[ 70.286159][ T6816] ? tipc_nl_sk_dump+0x30/0x30
[ 70.291011][ T6816] ? check_preemption_disabled+0x38/0x220
[ 70.296765][ T6816] ? rcu_read_lock_sched_held+0x3a/0xb0
[ 70.302318][ T6816] ? kmem_cache_alloc_node_trace+0x3b0/0x400
[ 70.309695][ T6816] ? __kmalloc_node_track_caller+0x38/0x60
[ 70.315587][ T6816] ? kasan_unpoison_shadow+0x33/0x40
[ 70.321142][ T6816] ? __phys_addr+0x9a/0x110
[ 70.325939][ T6816] ? memset+0x20/0x40
[ 70.330011][ T6816] genl_lock_dumpit+0x7f/0xb0
[ 70.334679][ T6816] netlink_dump+0x4cd/0xf60
[ 70.341865][ T6816] ? netlink_insert+0x1670/0x1670
[ 70.346946][ T6816] ? __mutex_unlock_slowpath+0xe2/0x610
[ 70.352682][ T6816] ? genl_start+0x45a/0x6e0
[ 70.357359][ T6816] __netlink_dump_start+0x643/0x900
[ 70.362646][ T6816] ? genl_rcv_msg+0x9e0/0x9e0
[ 70.367335][ T6816] ? tipc_nl_sk_dump+0x30/0x30
[ 70.372138][ T6816] genl_family_rcv_msg_dumpit+0x2ac/0x310
[ 70.378476][ T6816] ? genl_rcv+0x40/0x40
[ 70.382639][ T6816] ? mutex_lock_io_nested+0xf60/0xf60
[ 70.388796][ T6816] ? mark_lock+0xbc/0x1710
[ 70.393232][ T6816] ? genl_rcv_msg+0x9e0/0x9e0
[ 70.397984][ T6816] ? genl_unlock+0x20/0x20
[ 70.402395][ T6816] ? genl_parallel_done+0x170/0x170
[ 70.407594][ T6816] ? __radix_tree_lookup+0x1f3/0x290
[ 70.412873][ T6816] genl_rcv_msg+0x797/0x9e0
[ 70.417394][ T6816] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 70.424335][ T6816] ? lock_acquire+0x1f1/0xad0
[ 70.429196][ T6816] ? genl_rcv+0x15/0x40
[ 70.433517][ T6816] ? lock_release+0x8d0/0x8d0
[ 70.438183][ T6816] netlink_rcv_skb+0x15a/0x430
[ 70.443209][ T6816] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 70.451110][ T6816] ? netlink_ack+0xa10/0xa10
[ 70.455696][ T6816] genl_rcv+0x24/0x40
[ 70.459664][ T6816] netlink_unicast+0x533/0x7d0
[ 70.464516][ T6816] ? netlink_attachskb+0x810/0x810
[ 70.469642][ T6816] ? _copy_from_iter_full+0x247/0x890
[ 70.475016][ T6816] netlink_sendmsg+0x856/0xd90
[ 70.479786][ T6816] ? netlink_unicast+0x7d0/0x7d0
[ 70.484715][ T6816] ? netlink_unicast+0x7d0/0x7d0
[ 70.489844][ T6816] sock_sendmsg+0xcf/0x120
[ 70.494505][ T6816] ____sys_sendmsg+0x6e8/0x810
[ 70.499343][ T6816] ? kernel_sendmsg+0x50/0x50
[ 70.504003][ T6816] ? do_recvmmsg+0x6d0/0x6d0
[ 70.508922][ T6816] ? find_held_lock+0x2d/0x110
[ 70.513770][ T6816] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 70.519750][ T6816] ? lock_downgrade+0x820/0x820
[ 70.524621][ T6816] ___sys_sendmsg+0xf3/0x170
[ 70.529364][ T6816] ? sendmsg_copy_msghdr+0x160/0x160
[ 70.534747][ T6816] ? debug_object_active_state+0x260/0x350
[ 70.540992][ T6816] ? lock_downgrade+0x820/0x820
[ 70.545864][ T6816] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 70.551663][ T6816] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 70.557634][ T6816] ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 70.563443][ T6816] ? debug_object_active_state+0x260/0x350
[ 70.569258][ T6816] ? trace_hardirqs_off+0x27/0x210
[ 70.574364][ T6816] ? __fget_light+0x215/0x280
[ 70.579209][ T6816] __sys_sendmsg+0xe5/0x1b0
[ 70.583696][ T6816] ? __sys_sendmsg_sock+0xb0/0xb0
[ 70.588924][ T6816] ? check_preemption_disabled+0x38/0x220
[ 70.594647][ T6816] ? do_syscall_64+0x1c/0xe0
[ 70.599256][ T6816] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 70.605236][ T6816] do_syscall_64+0x60/0xe0
[ 70.610272][ T6816] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 70.616409][ T6816] RIP: 0033:0x445f09
[ 70.620421][ T6816] Code: Bad RIP value.
[ 70.625165][ T6816] RSP: 002b:00007ffcbfa87988 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 70.633566][ T6816] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445f09
[ 70.641788][ T6816] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 70.649748][ T6816] RBP: 00000000006d0018 R08: 0000000000000000 R09: 00000000004002e0
[ 70.657707][ T6816] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004030a0
[ 70.665662][ T6816] R13: 0000000000403130 R14: 0000000000000000 R15: 0000000000000000
[ 70.673634][ T6816]
[ 70.676320][ T6816] Allocated by task 6815:
[ 70.680673][ T6816] save_stack+0x1b/0x40
[ 70.684818][ T6816] __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 70.690631][ T6816] __alloc_skb+0xae/0x550
[ 70.694947][ T6816] netlink_sendmsg+0x94f/0xd90
[ 70.699704][ T6816] sock_sendmsg+0xcf/0x120
[ 70.704135][ T6816] ____sys_sendmsg+0x6e8/0x810
[ 70.708898][ T6816] ___sys_sendmsg+0xf3/0x170
[ 70.713473][ T6816] __sys_sendmsg+0xe5/0x1b0
[ 70.718091][ T6816] do_syscall_64+0x60/0xe0
[ 70.722507][ T6816] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 70.728463][ T6816]
[ 70.730773][ T6816] Freed by task 6815:
[ 70.734743][ T6816] save_stack+0x1b/0x40
[ 70.739014][ T6816] __kasan_slab_free+0xf5/0x140
[ 70.743938][ T6816] kfree+0x103/0x2c0
[ 70.747822][ T6816] skb_release_data+0x6d9/0x910
[ 70.752690][ T6816] consume_skb+0xc2/0x160
[ 70.757003][ T6816] netlink_unicast+0x53b/0x7d0
[ 70.761760][ T6816] netlink_sendmsg+0x856/0xd90
[ 70.766517][ T6816] sock_sendmsg+0xcf/0x120
[ 70.770920][ T6816] ____sys_sendmsg+0x6e8/0x810
[ 70.775810][ T6816] ___sys_sendmsg+0xf3/0x170
[ 70.780647][ T6816] __sys_sendmsg+0xe5/0x1b0
[ 70.785311][ T6816] do_syscall_64+0x60/0xe0
[ 70.789728][ T6816] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 70.795904][ T6816]
[ 70.798226][ T6816] The buggy address belongs to the object at ffff88809037f800
[ 70.798226][ T6816]  which belongs to the cache kmalloc-1k of size 1024
[ 70.812541][ T6816] The buggy address is located 644 bytes inside of
[ 70.812541][ T6816]  1024-byte region [ffff88809037f800, ffff88809037fc00)
[ 70.826232][ T6816] The buggy address belongs to the page:
[ 70.831862][ T6816] page:ffffea000240dfc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 70.841214][ T6816] flags: 0xfffe0000000200(slab)
[ 70.846054][ T6816] raw: 00fffe0000000200 ffffea0002a215c8 ffffea00027874c8 ffff8880aa000c40
[ 70.854783][ T6816] raw: 0000000000000000 ffff88809037f000 0000000100000002 0000000000000000
[ 70.863367][ T6816] page dumped because: kasan: bad access detected
[ 70.869769][ T6816]
[ 70.872086][ T6816] Memory state around the buggy address:
[ 70.877741][ T6816]  ffff88809037f980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.885894][ T6816]  ffff88809037fa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.894082][ T6816] >ffff88809037fa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.902146][ T6816]                    ^
[ 70.906547][ T6816]  ffff88809037fb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.914613][ T6816]  ffff88809037fb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.922749][ T6816] ==================================================================
[ 70.930811][ T6816] Disabling lock debugging due to kernel taint
[ 70.937565][ T6816] Kernel panic - not syncing: panic_on_warn set ...
[ 70.944202][ T6816] CPU: 0 PID: 6816 Comm: syz-executor440 Tainted: G B 5.8.0-rc2-syzkaller #0
[ 70.954272][ T6816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.964340][ T6816] Call Trace:
[ 70.967637][ T6816] dump_stack+0x18f/0x20d
[ 70.971977][ T6816] ? tipc_nl_publ_dump+0xa60/0xce0
[ 70.977188][ T6816] panic+0x2e3/0x75c
[ 70.981089][ T6816] ? __warn_printk+0xf3/0xf3
[ 70.985679][ T6816] ? preempt_schedule_common+0x59/0xc0
[ 70.991230][ T6816] ? tipc_nl_publ_dump+0xae0/0xce0
[ 70.996388][ T6816] ? preempt_schedule_thunk+0x16/0x18
[ 71.001815][ T6816] ? trace_hardirqs_on+0x55/0x220
[ 71.006824][ T6816] ? tipc_nl_publ_dump+0xae0/0xce0
[ 71.011918][ T6816] ? tipc_nl_publ_dump+0xae0/0xce0
[ 71.017010][ T6816] end_report+0x4d/0x53
[ 71.021177][ T6816] kasan_report.cold+0xd/0x37
[ 71.025846][ T6816] ? tipc_nl_publ_dump+0xae0/0xce0
[ 71.031032][ T6816] tipc_nl_publ_dump+0xae0/0xce0
[ 71.035951][ T6816] ? __mutex_lock+0x626/0x10d0
[ 71.041823][ T6816] ? tipc_nl_sk_dump+0x30/0x30
[ 71.046571][ T6816] ? check_preemption_disabled+0x38/0x220
[ 71.052370][ T6816] ? rcu_read_lock_sched_held+0x3a/0xb0
[ 71.057922][ T6816] ? kmem_cache_alloc_node_trace+0x3b0/0x400
[ 71.063905][ T6816] ? __kmalloc_node_track_caller+0x38/0x60
[ 71.069697][ T6816] ? kasan_unpoison_shadow+0x33/0x40
[ 71.075078][ T6816] ? __phys_addr+0x9a/0x110
[ 71.079578][ T6816] ? memset+0x20/0x40
[ 71.083644][ T6816] genl_lock_dumpit+0x7f/0xb0
[ 71.088303][ T6816] netlink_dump+0x4cd/0xf60
[ 71.092803][ T6816] ? netlink_insert+0x1670/0x1670
[ 71.097816][ T6816] ? __mutex_unlock_slowpath+0xe2/0x610
[ 71.103431][ T6816] ? genl_start+0x45a/0x6e0
[ 71.108788][ T6816] __netlink_dump_start+0x643/0x900
[ 71.113967][ T6816] ? genl_rcv_msg+0x9e0/0x9e0
[ 71.118653][ T6816] ? tipc_nl_sk_dump+0x30/0x30
[ 71.123396][ T6816] genl_family_rcv_msg_dumpit+0x2ac/0x310
[ 71.129208][ T6816] ? genl_rcv+0x40/0x40
[ 71.133368][ T6816] ? mutex_lock_io_nested+0xf60/0xf60
[ 71.138739][ T6816] ? mark_lock+0xbc/0x1710
[ 71.143243][ T6816] ? genl_rcv_msg+0x9e0/0x9e0
[ 71.147903][ T6816] ? genl_unlock+0x20/0x20
[ 71.152403][ T6816] ? genl_parallel_done+0x170/0x170
[ 71.157596][ T6816] ? __radix_tree_lookup+0x1f3/0x290
[ 71.162865][ T6816] genl_rcv_msg+0x797/0x9e0
[ 71.167401][ T6816] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 71.174424][ T6816] ? lock_acquire+0x1f1/0xad0
[ 71.179089][ T6816] ? genl_rcv+0x15/0x40
[ 71.183287][ T6816] ? lock_release+0x8d0/0x8d0
[ 71.187957][ T6816] netlink_rcv_skb+0x15a/0x430
[ 71.192718][ T6816] ? genl_family_rcv_msg_attrs_parse.isra.0+0x310/0x310
[ 71.199639][ T6816] ? netlink_ack+0xa10/0xa10
[ 71.204223][ T6816] genl_rcv+0x24/0x40
[ 71.208210][ T6816] netlink_unicast+0x533/0x7d0
[ 71.212976][ T6816] ? netlink_attachskb+0x810/0x810
[ 71.218068][ T6816] ? _copy_from_iter_full+0x247/0x890
[ 71.223427][ T6816] netlink_sendmsg+0x856/0xd90
[ 71.228336][ T6816] ? netlink_unicast+0x7d0/0x7d0
[ 71.233256][ T6816] ? netlink_unicast+0x7d0/0x7d0
[ 71.238186][ T6816] sock_sendmsg+0xcf/0x120
[ 71.242603][ T6816] ____sys_sendmsg+0x6e8/0x810
[ 71.247347][ T6816] ? kernel_sendmsg+0x50/0x50
[ 71.252008][ T6816] ? do_recvmmsg+0x6d0/0x6d0
[ 71.256834][ T6816] ? find_held_lock+0x2d/0x110
[ 71.261581][ T6816] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 71.267540][ T6816] ? lock_downgrade+0x820/0x820
[ 71.272373][ T6816] ___sys_sendmsg+0xf3/0x170
[ 71.276940][ T6816] ? sendmsg_copy_msghdr+0x160/0x160
[ 71.282205][ T6816] ? debug_object_active_state+0x260/0x350
[ 71.287993][ T6816] ? lock_downgrade+0x820/0x820
[ 71.292833][ T6816] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 71.298744][ T6816] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 71.304721][ T6816] ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 71.310513][ T6816] ? debug_object_active_state+0x260/0x350
[ 71.316400][ T6816] ? trace_hardirqs_off+0x27/0x210
[ 71.321592][ T6816] ? __fget_light+0x215/0x280
[ 71.326266][ T6816] __sys_sendmsg+0xe5/0x1b0
[ 71.330788][ T6816] ? __sys_sendmsg_sock+0xb0/0xb0
[ 71.335837][ T6816] ? check_preemption_disabled+0x38/0x220
[ 71.341642][ T6816] ? do_syscall_64+0x1c/0xe0
[ 71.346229][ T6816] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 71.352196][ T6816] do_syscall_64+0x60/0xe0
[ 71.356624][ T6816] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.362493][ T6816] RIP: 0033:0x445f09
[ 71.366358][ T6816] Code: Bad RIP value.
[ 71.370405][ T6816] RSP: 002b:00007ffcbfa87988 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 71.378794][ T6816] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445f09
[ 71.386748][ T6816] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 71.394703][ T6816] RBP: 00000000006d0018 R08: 0000000000000000 R09: 00000000004002e0
[ 71.403103][ T6816] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004030a0
[ 71.411063][ T6816] R13: 0000000000403130 R14: 0000000000000000 R15: 0000000000000000
[ 71.420685][ T6816] Kernel Offset: disabled
[ 71.425215][ T6816] Rebooting in 86400 seconds..