[ ok ] Starting enhanced syslogd: rsyslogd.
[   51.331727][   T27] audit: type=1800 audit(1579609972.392:25): pid=8591 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   51.351076][   T27] audit: type=1800 audit(1579609972.392:26): pid=8591 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   51.406484][   T27] audit: type=1800 audit(1579609972.392:27): pid=8591 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   67.395631][ T8755] netlink: 20 bytes leftover after parsing attributes in process `syz-executor694'.
[   67.406098][ T8760] netlink: 20 bytes leftover after parsing attributes in process `syz-executor694'.
[   67.418016][ T8758] netlink: 20 bytes leftover after parsing attributes in process `syz-executor694'.
[   67.428769][ T8759] netlink: 20 bytes leftover after parsing attributes in process `syz-executor694'.
[   67.467054][ T8761] netlink: 20 bytes leftover after parsing attributes in process `syz-executor694'.
executing program
executing program
executing program
executing program
executing program
[   67.566842][ T8762] netlink: 20 bytes leftover after parsing attributes in process `syz-executor694'.
executing program
[   67.647269][ T8780] netlink: 20 bytes leftover after parsing attributes in process `syz-executor694'.
[   67.659264][ T8781] netlink: 20 bytes leftover after parsing attributes in process `syz-executor694'.
[   67.673359][ T8783] netlink: 20 bytes leftover after parsing attributes in process `syz-executor694'.
[   67.683199][ T8784] netlink: 20 bytes leftover after parsing attributes in process `syz-executor694'.
executing program
executing program
[   67.898813][ T8782] ==================================================================
[   67.907007][ T8782] BUG: KASAN: use-after-free in __list_del_entry_valid+0x2f/0x100
[   67.914794][ T8782] Read of size 8 at addr ffff888097973008 by task syz-executor694/8782
[   67.923017][ T8782] 
[   67.925330][ T8782] CPU: 1 PID: 8782 Comm: syz-executor694 Not tainted 5.5.0-rc7-syzkaller #0
[   67.933982][ T8782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   67.944058][ T8782] Call Trace:
[   67.947342][ T8782]  dump_stack+0x1fb/0x318
[   67.951682][ T8782]  print_address_description+0x74/0x5c0
[   67.957225][ T8782]  ? vprintk_default+0x28/0x30
[   67.961966][ T8782]  ? vprintk_func+0x158/0x170
[   67.966619][ T8782]  ? printk+0x62/0x8d
[   67.970597][ T8782]  __kasan_report+0x149/0x1c0
[   67.975256][ T8782]  ? do_raw_spin_unlock+0x100/0x950
[   67.980448][ T8782]  ? __list_del_entry_valid+0x2f/0x100
[   67.985896][ T8782]  kasan_report+0x26/0x50
[   67.990206][ T8782]  __asan_report_load8_noabort+0x14/0x20
[   67.995814][ T8782]  __list_del_entry_valid+0x2f/0x100
[   68.001087][ T8782]  __nf_tables_abort+0x16d2/0x2e80
[   68.006223][ T8782]  ? kfree+0x14c/0x220
[   68.010274][ T8782]  ? nfnetlink_rcv+0x19a1/0x1e50
[   68.015190][ T8782]  nf_tables_abort+0x15/0x30
[   68.019757][ T8782]  nfnetlink_rcv+0x1a88/0x1e50
[   68.024542][ T8782]  ? rcu_lock_release+0x21/0x30
[   68.029383][ T8782]  ? netlink_deliver_tap+0x142/0x880
[   68.034650][ T8782]  netlink_unicast+0x767/0x920
[   68.039410][ T8782]  netlink_sendmsg+0xa2c/0xd50
[   68.044154][ T8782]  ? netlink_getsockopt+0x9f0/0x9f0
[   68.049327][ T8782]  ____sys_sendmsg+0x4f7/0x7f0
[   68.054072][ T8782]  __sys_sendmsg+0x1ed/0x290
[   68.058650][ T8782]  ? up_read+0x1d/0x20
[   68.062709][ T8782]  ? do_user_addr_fault+0x654/0xaf0
[   68.067893][ T8782]  ? check_preemption_disabled+0xb4/0x260
[   68.073608][ T8782]  ? debug_smp_processor_id+0x9/0x20
[   68.078870][ T8782]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   68.084309][ T8782]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   68.090027][ T8782]  ? do_syscall_64+0x1d/0x1c0
[   68.094692][ T8782]  __x64_sys_sendmsg+0x7f/0x90
[   68.099442][ T8782]  do_syscall_64+0xf7/0x1c0
[   68.103963][ T8782]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   68.109830][ T8782] RIP: 0033:0x4470c9
[   68.113710][ T8782] Code: e8 dc e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   68.133302][ T8782] RSP: 002b:00007ffb4f1fad98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   68.141697][ T8782] RAX: ffffffffffffffda RBX: 00000000006dcc28 RCX: 00000000004470c9
[   68.149676][ T8782] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[   68.157628][ T8782] RBP: 00000000006dcc20 R08: 0000000000000000 R09: 0000000000000000
[   68.165582][ T8782] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc2c
[   68.173565][ T8782] R13: 00000000200002c0 R14: 00000000004af6c8 R15: 0000000000000000
[   68.181531][ T8782] 
[   68.183836][ T8782] Allocated by task 8782:
[   68.188147][ T8782]  __kasan_kmalloc+0x118/0x1c0
[   68.192885][ T8782]  kasan_kmalloc+0x9/0x10
[   68.197190][ T8782]  kmem_cache_alloc_trace+0x221/0x2f0
[   68.202553][ T8782]  nf_tables_newtable+0x350/0x1b10
[   68.207662][ T8782]  nfnetlink_rcv+0xecf/0x1e50
[   68.212318][ T8782]  netlink_unicast+0x767/0x920
[   68.217066][ T8782]  netlink_sendmsg+0xa2c/0xd50
[   68.221820][ T8782]  ____sys_sendmsg+0x4f7/0x7f0
[   68.226566][ T8782]  __sys_sendmsg+0x1ed/0x290
[   68.231132][ T8782]  __x64_sys_sendmsg+0x7f/0x90
[   68.235949][ T8782]  do_syscall_64+0xf7/0x1c0
[   68.240430][ T8782]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   68.246308][ T8782] 
[   68.248622][ T8782] Freed by task 2679:
[   68.252593][ T8782]  __kasan_slab_free+0x12e/0x1e0
[   68.257614][ T8782]  kasan_slab_free+0xe/0x10
[   68.262127][ T8782]  kfree+0x10d/0x220
[   68.266017][ T8782]  nf_tables_trans_destroy_work+0x9b8/0xbb0
[   68.271893][ T8782]  process_one_work+0x7f5/0x10d0
[   68.276820][ T8782]  worker_thread+0xbbc/0x1630
[   68.281481][ T8782]  kthread+0x332/0x350
[   68.285527][ T8782]  ret_from_fork+0x24/0x30
[   68.289922][ T8782] 
[   68.292253][ T8782] The buggy address belongs to the object at ffff888097973000
[   68.292253][ T8782]  which belongs to the cache kmalloc-512 of size 512
[   68.306300][ T8782] The buggy address is located 8 bytes inside of
[   68.306300][ T8782]  512-byte region [ffff888097973000, ffff888097973200)
[   68.319392][ T8782] The buggy address belongs to the page:
[   68.325029][ T8782] page:ffffea00025e5cc0 refcount:1 mapcount:0 mapping:ffff8880aa800a80 index:0x0
[   68.336122][ T8782] raw: 00fffe0000000200 ffffea0002a53ac8 ffffea0002806848 ffff8880aa800a80
[   68.344686][ T8782] raw: 0000000000000000 ffff888097973000 0000000100000004 0000000000000000
[   68.353250][ T8782] page dumped because: kasan: bad access detected
[   68.359637][ T8782] 
[   68.361941][ T8782] Memory state around the buggy address:
[   68.367550][ T8782]  ffff888097972f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   68.375604][ T8782]  ffff888097972f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   68.383652][ T8782] >ffff888097973000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   68.391697][ T8782]                       ^
[   68.396007][ T8782]  ffff888097973080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   68.404045][ T8782]  ffff888097973100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   68.412078][ T8782] ==================================================================
[   68.420111][ T8782] Disabling lock debugging due to kernel taint
[   68.426822][ T8782] Kernel panic - not syncing: panic_on_warn set ...
[   68.433407][ T8782] CPU: 1 PID: 8782 Comm: syz-executor694 Tainted: G    B             5.5.0-rc7-syzkaller #0
[   68.443450][ T8782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.453477][ T8782] Call Trace:
[   68.456760][ T8782]  dump_stack+0x1fb/0x318
[   68.461088][ T8782]  panic+0x264/0x7a9
[   68.464965][ T8782]  ? __kasan_report+0x193/0x1c0
[   68.469802][ T8782]  ? trace_hardirqs_on+0x34/0x80
[   68.474728][ T8782]  ? __kasan_report+0x193/0x1c0
[   68.479555][ T8782]  __kasan_report+0x1b9/0x1c0
[   68.484208][ T8782]  ? do_raw_spin_unlock+0x100/0x950
[   68.489384][ T8782]  ? __list_del_entry_valid+0x2f/0x100
[   68.494840][ T8782]  kasan_report+0x26/0x50
[   68.499145][ T8782]  __asan_report_load8_noabort+0x14/0x20
[   68.504752][ T8782]  __list_del_entry_valid+0x2f/0x100
[   68.510104][ T8782]  __nf_tables_abort+0x16d2/0x2e80
[   68.515195][ T8782]  ? kfree+0x14c/0x220
[   68.519237][ T8782]  ? nfnetlink_rcv+0x19a1/0x1e50
[   68.524157][ T8782]  nf_tables_abort+0x15/0x30
[   68.528719][ T8782]  nfnetlink_rcv+0x1a88/0x1e50
[   68.533472][ T8782]  ? rcu_lock_release+0x21/0x30
[   68.538295][ T8782]  ? netlink_deliver_tap+0x142/0x880
[   68.543558][ T8782]  netlink_unicast+0x767/0x920
[   68.548299][ T8782]  netlink_sendmsg+0xa2c/0xd50
[   68.553039][ T8782]  ? netlink_getsockopt+0x9f0/0x9f0
[   68.558216][ T8782]  ____sys_sendmsg+0x4f7/0x7f0
[   68.562967][ T8782]  __sys_sendmsg+0x1ed/0x290
[   68.567535][ T8782]  ? up_read+0x1d/0x20
[   68.571577][ T8782]  ? do_user_addr_fault+0x654/0xaf0
[   68.576751][ T8782]  ? check_preemption_disabled+0xb4/0x260
[   68.582452][ T8782]  ? debug_smp_processor_id+0x9/0x20
[   68.587711][ T8782]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   68.593155][ T8782]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   68.598849][ T8782]  ? do_syscall_64+0x1d/0x1c0
[   68.603500][ T8782]  __x64_sys_sendmsg+0x7f/0x90
[   68.608241][ T8782]  do_syscall_64+0xf7/0x1c0
[   68.612732][ T8782]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   68.618596][ T8782] RIP: 0033:0x4470c9
[   68.622479][ T8782] Code: e8 dc e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   68.642063][ T8782] RSP: 002b:00007ffb4f1fad98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   68.650451][ T8782] RAX: ffffffffffffffda RBX: 00000000006dcc28 RCX: 00000000004470c9
[   68.658400][ T8782] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[   68.666347][ T8782] RBP: 00000000006dcc20 R08: 0000000000000000 R09: 0000000000000000
[   68.674306][ T8782] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc2c
[   68.682254][ T8782] R13: 00000000200002c0 R14: 00000000004af6c8 R15: 0000000000000000
[   68.691464][ T8782] Kernel Offset: disabled
[   68.695778][ T8782] Rebooting in 86400 seconds..