[ 84.730842][ T27] audit: type=1800 audit(1579689843.595:27): pid=9730 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 84.773510][ T27] audit: type=1800 audit(1579689843.595:28): pid=9730 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 85.757418][ T27] audit: type=1800 audit(1579689844.675:29): pid=9730 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 85.782677][ T27] audit: type=1800 audit(1579689844.675:30): pid=9730 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.1.30' (ECDSA) to the list of known hosts.
syzkaller login: [ 95.899546][ T9889] IPVS: ftp: loaded support on port[0] = 21
[ 95.900093][ T9890] IPVS: ftp: loaded support on port[0] = 21
[ 95.908244][ T9885] IPVS: ftp: loaded support on port[0] = 21
[ 95.914439][ T9892] IPVS: ftp: loaded support on port[0] = 21
[ 95.920317][ T9893] IPVS: ftp: loaded support on port[0] = 21
[ 95.942825][ T9891] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
executing program
executing program
[ 96.051235][ T9895] netlink: 20 bytes leftover after parsing attributes in process `syz-executor815'.
[ 96.077651][ T9898] netlink: 20 bytes leftover after parsing attributes in process `syz-executor815'.
executing program
executing program
[ 96.121899][ T9903] netlink: 20 bytes leftover after parsing attributes in process `syz-executor815'.
[ 96.132252][ T9904] netlink: 20 bytes leftover after parsing attributes in process `syz-executor815'.
[ 96.141196][ T9906] netlink: 20 bytes leftover after parsing attributes in process `syz-executor815'.
[ 96.142795][ T9908] netlink: 20 bytes leftover after parsing attributes in process `syz-executor815'.
[ 96.151860][ T9911] netlink: 20 bytes leftover after parsing attributes in process `syz-executor815'.
[ 96.172604][ T9917] netlink: 20 bytes leftover after parsing attributes in process `syz-executor815'.
[ 96.186506][ T9904] list_del corruption, ffff8880a3be8400->prev is LIST_POISON2 (dead000000000122)
[ 96.205597][ T9903] ==================================================================
[ 96.213877][ T9903] BUG: KASAN: use-after-free in __list_del_entry_valid+0xd2/0xf5
[ 96.221281][ T9904] ------------[ cut here ]------------
[ 96.221615][ T9903] Read of size 8 at addr ffff8880a3be8c08 by task syz-executor815/9903
[ 96.227083][ T9904] kernel BUG at lib/list_debug.c:48!
[ 96.235303][ T9903]
[ 96.235325][ T9903] CPU: 0 PID: 9903 Comm: syz-executor815 Not tainted 5.5.0-rc7-syzkaller #0
[ 96.243129][ T9904] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 96.244208][ T9903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 96.253141][ T9904] CPU: 1 PID: 9904 Comm: syz-executor815 Not tainted 5.5.0-rc7-syzkaller #0
[ 96.259790][ T9903] Call Trace:
[ 96.269856][ T9904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 96.278549][ T9903] dump_stack+0x197/0x210
[ 96.281857][ T9904] RIP: 0010:__list_del_entry_valid.cold+0x37/0x4f
[ 96.291935][ T9903] ? __list_del_entry_valid+0xd2/0xf5
[ 96.296264][ T9904] Code: be fd 0f 0b 4c 89 ea 4c 89 f6 48 c7 c7 60 69 71 88 e8 e0 de be fd 0f 0b 4c 89 e2 4c 89 f6 48 c7 c7 c0 69 71 88 e8 cc de be fd <0f> 0b 4c 89 f6 48 c7 c7 80 6a 71 88 e8 bb de be fd 0f 0b cc cc cc
[ 96.302706][ T9903] print_address_description.constprop.0.cold+0xd4/0x30b
[ 96.308051][ T9904] RSP: 0018:ffffc900021b7478 EFLAGS: 00010282
[ 96.327831][ T9903] ? __list_del_entry_valid+0xd2/0xf5
[ 96.334842][ T9904] RAX: 000000000000004e RBX: ffff8880a3be8400 RCX: 0000000000000000
[ 96.340924][ T9903] ? __list_del_entry_valid+0xd2/0xf5
[ 96.346277][ T9904] RDX: 0000000000000000 RSI: ffffffff815e5326 RDI: fffff52000436e81
[ 96.354270][ T9903] __kasan_report.cold+0x1b/0x41
[ 96.359618][ T9904] RBP: ffffc900021b7490 R08: 000000000000004e R09: ffffed1015d26621
[ 96.367862][ T9903] ? __list_del_entry_valid+0xd2/0xf5
[ 96.372789][ T9904] R10: ffffed1015d26620 R11: ffff8880ae933107 R12: dead000000000122
[ 96.380773][ T9903] kasan_report+0x12/0x20
[ 96.386128][ T9904] R13: ffff8880991cf2f0 R14: ffff8880a3be8400 R15: ffff88809e168700
[ 96.394225][ T9903] __asan_report_load8_noabort+0x14/0x20
[ 96.398542][ T9904] FS: 00007f01ace09700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 96.406677][ T9903] __list_del_entry_valid+0xd2/0xf5
[ 96.413247][ T9904] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 96.422207][ T9903] __nf_tables_abort+0x1e53/0x2a50
[ 96.427386][ T9904] CR2: 00007fffbb27eff0 CR3: 0000000099fbf000 CR4: 00000000001406e0
[ 96.433993][ T9903] ? nfnl_err_del+0x115/0x170
[ 96.439124][ T9904] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 96.447222][ T9903] nf_tables_abort+0x17/0x30
[ 96.451879][ T9904] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 96.459851][ T9903] nfnetlink_rcv_batch+0xa5d/0x17a0
[ 96.464443][ T9904] Call Trace:
[ 96.472421][ T9903] ? nf_tables_delobj+0x8f0/0x8f0
[ 96.477612][ T9904] __nf_tables_abort+0x1e53/0x2a50
[ 96.480891][ T9903] ? nfnetlink_subsys_register+0x2b0/0x2b0
[ 96.485916][ T9904] ? nfnl_err_del+0x115/0x170
[ 96.491031][ T9903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 96.496841][ T9904] nf_tables_abort+0x17/0x30
[ 96.501654][ T9903] ? apparmor_capable+0x497/0x900
[ 96.507901][ T9904] nfnetlink_rcv_batch+0xa5d/0x17a0
[ 96.512500][ T9903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 96.517634][ T9904] ? nf_tables_delobj+0x8f0/0x8f0
[ 96.522814][ T9903] ? __nla_validate_parse+0x2d0/0x1ee0
[ 96.529068][ T9904] ? nfnetlink_subsys_register+0x2b0/0x2b0
[ 96.534096][ T9903] ? cap_capable+0x205/0x270
[ 96.539565][ T9904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 96.545376][ T9903] ? nla_memcpy+0xb0/0xb0
[ 96.549965][ T9904] ? apparmor_capable+0x497/0x900
[ 96.556222][ T9903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 96.560580][ T9904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 96.565611][ T9903] ? ns_capable_common+0x93/0x100
[ 96.571841][ T9904] ? __nla_validate_parse+0x2d0/0x1ee0
[ 96.578070][ T9903] ? __nla_parse+0x43/0x60
[ 96.583092][ T9904] ? cap_capable+0x205/0x270
[ 96.589068][ T9903] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 96.593477][ T9904] ? nla_memcpy+0xb0/0xb0
[ 96.598052][ T9903] nfnetlink_rcv+0x3e7/0x460
[ 96.603772][ T9904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 96.608101][ T9903] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 96.612706][ T9904] ? ns_capable_common+0x93/0x100
[ 96.618944][ T9903] ? netlink_deliver_tap+0x24a/0xbe0
[ 96.624490][ T9904] ? __nla_parse+0x43/0x60
[ 96.629510][ T9903] ? __kasan_check_write+0x14/0x20
[ 96.634801][ T9904] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 96.639215][ T9903] netlink_unicast+0x58c/0x7d0
[ 96.644308][ T9904] nfnetlink_rcv+0x3e7/0x460
[ 96.650037][ T9903] ? netlink_attachskb+0x870/0x870
[ 96.654906][ T9904] ? nfnetlink_rcv_batch+0x17a0/0x17a0
[ 96.659615][ T9903] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 96.664719][ T9904] ? netlink_deliver_tap+0x24a/0xbe0
[ 96.670180][ T9903] ? __check_object_size+0x3d/0x437
[ 96.676031][ T9904] ? __kasan_check_write+0x14/0x20
[ 96.681315][ T9903] netlink_sendmsg+0x91c/0xea0
[ 96.686514][ T9904] netlink_unicast+0x58c/0x7d0
[ 96.691686][ T9903] ? netlink_unicast+0x7d0/0x7d0
[ 96.696407][ T9904] ? netlink_attachskb+0x870/0x870
[ 96.701150][ T9903] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 96.701171][ T9903] ? apparmor_socket_sendmsg+0x2a/0x30
[ 96.706539][ T9904] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 96.711675][ T9903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 96.717222][ T9904] ? __check_object_size+0x3d/0x437
[ 96.722692][ T9903] ? security_socket_sendmsg+0x8d/0xc0
[ 96.728413][ T9904] netlink_sendmsg+0x91c/0xea0
[ 96.734675][ T9903] ? netlink_unicast+0x7d0/0x7d0
[ 96.739954][ T9904] ? netlink_unicast+0x7d0/0x7d0
[ 96.745397][ T9903] sock_sendmsg+0xd7/0x130
[ 96.750169][ T9904] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 96.750191][ T9904] ? apparmor_socket_sendmsg+0x2a/0x30
[ 96.755136][ T9903] ____sys_sendmsg+0x753/0x880
[ 96.760073][ T9904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 96.764505][ T9903] ? kernel_sendmsg+0x50/0x50
[ 96.770069][ T9904] ? security_socket_sendmsg+0x8d/0xc0
[ 96.775656][ T9903] ? __fget+0x35d/0x550
[ 96.780533][ T9904] ? netlink_unicast+0x7d0/0x7d0
[ 96.786822][ T9903] ? find_held_lock+0x35/0x130
[ 96.791497][ T9904] sock_sendmsg+0xd7/0x130
[ 96.796956][ T9903] ___sys_sendmsg+0x100/0x170
[ 96.801124][ T9904] ____sys_sendmsg+0x753/0x880
[ 96.806067][ T9903] ? sendmsg_copy_msghdr+0x70/0x70
[ 96.810828][ T9904] ? kernel_sendmsg+0x50/0x50
[ 96.815413][ T9903] ? __kasan_check_read+0x11/0x20
[ 96.820079][ T9904] ? __fget+0x35d/0x550
[ 96.824860][ T9903] ? __fget+0x37f/0x550
[ 96.829971][ T9904] ? find_held_lock+0x35/0x130
[ 96.834635][ T9903] ? ksys_dup3+0x3e0/0x3e0
[ 96.839669][ T9904] ___sys_sendmsg+0x100/0x170
[ 96.843825][ T9903] ? __do_page_fault+0x56a/0xd80
[ 96.850238][ T9904] ? sendmsg_copy_msghdr+0x70/0x70
[ 96.855034][ T9903] ? __fget_light+0x1a9/0x230
[ 96.859460][ T9904] ? __kasan_check_read+0x11/0x20
[ 96.864128][ T9903] ? __fdget+0x1b/0x20
[ 96.869070][ T9904] ? __fget+0x37f/0x550
[ 96.874188][ T9903] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 96.879031][ T9904] ? ksys_dup3+0x3e0/0x3e0
[ 96.884150][ T9903] __sys_sendmsg+0x105/0x1d0
[ 96.888215][ T9904] ? __do_page_fault+0x56a/0xd80
[ 96.892612][ T9903] ? __sys_sendmsg_sock+0xc0/0xc0
[ 96.898844][ T9904] ? __fget_light+0x1a9/0x230
[ 96.903264][ T9903] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 96.907852][ T9904] ? __fdget+0x1b/0x20
[ 96.913396][ T9903] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 96.918813][ T9904] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 96.923600][ T9903] ? do_syscall_64+0x26/0x790
[ 96.929148][ T9904] __sys_sendmsg+0x105/0x1d0
[ 96.933214][ T9903] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 96.938674][ T9904] ? __sys_sendmsg_sock+0xc0/0xc0
[ 96.945268][ T9903] ? do_syscall_64+0x26/0x790
[ 96.949930][ T9904] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 96.954529][ T9903] __x64_sys_sendmsg+0x78/0xb0
[ 96.960715][ T9904] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 96.965744][ T9903] do_syscall_64+0xfa/0x790
[ 96.970427][ T9904] ? do_syscall_64+0x26/0x790
[ 96.976222][ T9903] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 96.980970][ T9904] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 96.986443][ T9903] RIP: 0033:0x446d49
[ 96.990989][ T9904] ? do_syscall_64+0x26/0x790
[ 96.995624][ T9903] Code: e8 8c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 97.001607][ T9904] __x64_sys_sendmsg+0x78/0xb0
[ 97.007665][ T9903] RSP: 002b:00007f01ace08d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 97.013279][ T9904] do_syscall_64+0xfa/0x790
[ 97.017960][ T9903] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446d49
[ 97.037583][ T9904] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 97.042330][ T9903] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 97.042346][ T9903] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 97.050794][ T9904] RIP: 0033:0x446d49
[ 97.050809][ T9904] Code: e8 8c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 97.050816][ T9904] RSP: 002b:00007f01ace08d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 97.050835][ T9904] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446d49
[ 97.056675][ T9903] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 97.064656][ T9904] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[ 97.070824][ T9903] R13: 00000000200002c0 R14: 00000000004aed40 R15: 0000000000000000
[ 97.078796][ T9904] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 97.086769][ T9903]
[ 97.090661][ T9904] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 97.110524][ T9903] Allocated by task 9903:
[ 97.119646][ T9904] R13: 00000000200002c0 R14: 00000000004aed40 R15: 0000000000000000
[ 97.127904][ T9903] save_stack+0x23/0x90
[ 97.137972][ T9904] Modules linked in:
[ 97.146666][ T9903] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 97.157256][ T9904] ---[ end trace 87cb64d5405ce740 ]---
[ 97.163815][ T9903] kasan_kmalloc+0x9/0x10
[ 97.163825][ T9903] kmem_cache_alloc_trace+0x158/0x790
[ 97.163837][ T9903] nf_tables_newtable+0xa4d/0x1510
[ 97.163852][ T9903] nfnetlink_rcv_batch+0xf42/0x17a0
[ 97.163865][ T9903] nfnetlink_rcv+0x3e7/0x460
[ 97.163877][ T9903] netlink_unicast+0x58c/0x7d0
[ 97.163893][ T9903] netlink_sendmsg+0x91c/0xea0
[ 97.163902][ T9903] sock_sendmsg+0xd7/0x130
[ 97.163910][ T9903] ____sys_sendmsg+0x753/0x880
[ 97.163919][ T9903] ___sys_sendmsg+0x100/0x170
[ 97.163929][ T9903] __sys_sendmsg+0x105/0x1d0
[ 97.163947][ T9903] __x64_sys_sendmsg+0x78/0xb0
[ 97.167491][ T9904] RIP: 0010:__list_del_entry_valid.cold+0x37/0x4f
[ 97.176161][ T9903] do_syscall_64+0xfa/0x790
[ 97.176175][ T9903] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 97.176179][ T9903]
[ 97.176186][ T9903] Freed by task 2874:
[ 97.176199][ T9903] save_stack+0x23/0x90
[ 97.176210][ T9903] __kasan_slab_free+0x102/0x150
[ 97.176221][ T9903] kasan_slab_free+0xe/0x10
[ 97.176230][ T9903] kfree+0x10a/0x2c0
[ 97.176243][ T9903] nf_tables_table_destroy.isra.0+0xef/0x150
[ 97.176255][ T9903] nf_tables_trans_destroy_work+0x406/0x7c0
[ 97.176267][ T9903] process_one_work+0x9af/0x1740
[ 97.176275][ T9903] worker_thread+0x98/0xe40
[ 97.176284][ T9903] kthread+0x361/0x430
[ 97.176293][ T9903] ret_from_fork+0x24/0x30
[ 97.176304][ T9903]
[ 97.181289][ T9904] Code: be fd 0f 0b 4c 89 ea 4c 89 f6 48 c7 c7 60 69 71 88 e8 e0 de be fd 0f 0b 4c 89 e2 4c 89 f6 48 c7 c7 c0 69 71 88 e8 cc de be fd <0f> 0b 4c 89 f6 48 c7 c7 80 6a 71 88 e8 bb de be fd 0f 0b cc cc cc
[ 97.188663][ T9903] The buggy address belongs to the object at ffff8880a3be8c00
[ 97.188663][ T9903] which belongs to the cache kmalloc-512 of size 512
[ 97.188680][ T9903] The buggy address is located 8 bytes inside of
[ 97.188680][ T9903] 512-byte region [ffff8880a3be8c00, ffff8880a3be8e00)
[ 97.188685][ T9903] The buggy address belongs to the page:
[ 97.188699][ T9903] page:ffffea00028efa00 refcount:1 mapcount:0 mapping:ffff8880aa400a80 index:0x0
[ 97.188719][ T9903] raw: 00fffe0000000200 ffffea00026cda88 ffffea0002a43f88 ffff8880aa400a80
[ 97.188735][ T9903] raw: 0000000000000000 ffff8880a3be8000 0000000100000004 0000000000000000
[ 97.188751][ T9903] page dumped because: kasan: bad access detected
[ 97.193314][ T9904] RSP: 0018:ffffc900021b7478 EFLAGS: 00010282
[ 97.196806][ T9903]
[ 97.196810][ T9903] Memory state around the buggy address:
[ 97.196824][ T9903] ffff8880a3be8b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.196836][ T9903] ffff8880a3be8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.196847][ T9903] >ffff8880a3be8c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 97.196852][ T9903] ^
[ 97.196863][ T9903] ffff8880a3be8c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 97.196872][ T9903] ffff8880a3be8d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 97.196882][ T9903] ==================================================================
[ 97.202973][ T9904] RAX: 000000000000004e RBX: ffff8880a3be8400 RCX: 0000000000000000
[ 97.221620][ T9903] Kernel panic - not syncing: panic_on_warn set ...
[ 97.223538][ T9906] list_del corruption, ffff88809579a400->prev is LIST_POISON2 (dead000000000122)
[ 97.230377][ T9903] Kernel Offset: disabled
[ 97.526105][ T9903] Rebooting in 86400 seconds..