[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 63.287300][ T7042] ==================================================================
[ 63.295724][ T7042] BUG: KASAN: double-free or invalid-free in nf_tables_newset+0x1ed6/0x2560
[ 63.304388][ T7042]
[ 63.306728][ T7042] CPU: 1 PID: 7042 Comm: syz-executor021 Not tainted 5.6.0-syzkaller #0
[ 63.315092][ T7042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.325279][ T7042] Call Trace:
[ 63.328570][ T7042]  dump_stack+0x188/0x20d
[ 63.332897][ T7042]  print_address_description.constprop.0.cold+0xd3/0x315
[ 63.339936][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[ 63.345232][ T7042]  kasan_report_invalid_free+0x61/0xa0
[ 63.350775][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[ 63.355971][ T7042]  __kasan_slab_free+0x129/0x140
[ 63.361131][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[ 63.366451][ T7042]  kfree+0x109/0x2b0
[ 63.370360][ T7042]  nf_tables_newset+0x1ed6/0x2560
[ 63.375638][ T7042]  ? lock_downgrade+0x840/0x840
[ 63.380671][ T7042]  ? nft_set_elem_expr_alloc+0x200/0x200
[ 63.386536][ T7042]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 63.392449][ T7042]  ? __nla_parse+0x2e/0x60
[ 63.396886][ T7042]  nfnetlink_rcv_batch+0x83a/0x1610
[ 63.402081][ T7042]  ? nft_set_elem_expr_alloc+0x200/0x200
[ 63.407709][ T7042]  ? nfnetlink_subsys_register+0x2b0/0x2b0
[ 63.413534][ T7042]  ? __nla_validate_parse+0x2af/0x1cd0
[ 63.418986][ T7042]  ? cap_capable+0x1eb/0x250
[ 63.423582][ T7042]  ? nla_memcpy+0xa0/0xa0
[ 63.427926][ T7042]  ? ns_capable_common+0xe2/0x100
[ 63.433070][ T7042]  ? __nla_parse+0x2e/0x60
[ 63.437485][ T7042]  nfnetlink_rcv+0x3af/0x420
[ 63.442084][ T7042]  ? nfnetlink_rcv_batch+0x1610/0x1610
[ 63.447656][ T7042]  netlink_unicast+0x537/0x740
[ 63.452427][ T7042]  ? netlink_attachskb+0x810/0x810
[ 63.457544][ T7042]  ? _copy_from_iter_full+0x25c/0x870
[ 63.463064][ T7042]  ? __phys_addr_symbol+0x2c/0x70
[ 63.468092][ T7042]  ? __check_object_size+0x171/0x437
[ 63.473389][ T7042]  netlink_sendmsg+0x882/0xe10
[ 63.478144][ T7042]  ? aa_af_perm+0x260/0x260
[ 63.483079][ T7042]  ? netlink_unicast+0x740/0x740
[ 63.488132][ T7042]  ? netlink_unicast+0x740/0x740
[ 63.493070][ T7042]  sock_sendmsg+0xcf/0x120
[ 63.497490][ T7042]  ____sys_sendmsg+0x6bf/0x7e0
[ 63.502264][ T7042]  ? print_usage_bug+0x240/0x240
[ 63.507286][ T7042]  ? kernel_sendmsg+0x50/0x50
[ 63.511966][ T7042]  ___sys_sendmsg+0x100/0x170
[ 63.516644][ T7042]  ? sendmsg_copy_msghdr+0x70/0x70
[ 63.521775][ T7042]  ? mark_held_locks+0xe0/0xe0
[ 63.526560][ T7042]  ? __this_cpu_preempt_check+0x28/0x190
[ 63.532199][ T7042]  ? percpu_counter_add_batch+0x123/0x180
[ 63.537927][ T7042]  ? find_held_lock+0x2d/0x110
[ 63.542680][ T7042]  ? __fd_install+0x1b4/0x600
[ 63.547461][ T7042]  ? lock_downgrade+0x840/0x840
[ 63.552315][ T7042]  ? __fget_light+0x1ab/0x270
[ 63.557106][ T7042]  __sys_sendmsg+0xec/0x1b0
[ 63.561712][ T7042]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 63.566745][ T7042]  ? trace_hardirqs_off_caller+0x55/0x230
[ 63.572604][ T7042]  ? do_syscall_64+0x21/0x7d0
[ 63.577459][ T7042]  do_syscall_64+0xf6/0x7d0
[ 63.581964][ T7042]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 63.588188][ T7042] RIP: 0033:0x441279
[ 63.592073][ T7042] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 63.612005][ T7042] RSP: 002b:00007ffde8afd448 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 63.620530][ T7042] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441279
[ 63.628513][ T7042] RDX: 0000000000000000 RSI: 0000000020000c40 RDI: 0000000000000004
[ 63.636474][ T7042] RBP: 000000000000f700 R08: 00000000004002c8 R09: 00000000004002c8
[ 63.644439][ T7042] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020a0
[ 63.652406][ T7042] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000
[ 63.660379][ T7042]
[ 63.662699][ T7042] Allocated by task 7042:
[ 63.667029][ T7042]  save_stack+0x1b/0x80
[ 63.671332][ T7042]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 63.676960][ T7042]  __kmalloc_track_caller+0x159/0x7a0
[ 63.682325][ T7042]  kvasprintf+0xb5/0x150
[ 63.686549][ T7042]  kasprintf+0xbb/0xf0
[ 63.690609][ T7042]  nf_tables_newset+0x1543/0x2560
[ 63.695633][ T7042]  nfnetlink_rcv_batch+0x83a/0x1610
[ 63.700818][ T7042]  nfnetlink_rcv+0x3af/0x420
[ 63.705392][ T7042]  netlink_unicast+0x537/0x740
[ 63.710154][ T7042]  netlink_sendmsg+0x882/0xe10
[ 63.714931][ T7042]  sock_sendmsg+0xcf/0x120
[ 63.719365][ T7042]  ____sys_sendmsg+0x6bf/0x7e0
[ 63.724157][ T7042]  ___sys_sendmsg+0x100/0x170
[ 63.728836][ T7042]  __sys_sendmsg+0xec/0x1b0
[ 63.733341][ T7042]  do_syscall_64+0xf6/0x7d0
[ 63.737841][ T7042]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 63.743765][ T7042]
[ 63.746082][ T7042] Freed by task 7042:
[ 63.750054][ T7042]  save_stack+0x1b/0x80
[ 63.754314][ T7042]  __kasan_slab_free+0xf7/0x140
[ 63.759292][ T7042]  kfree+0x109/0x2b0
[ 63.763229][ T7042]  nf_tables_newset+0x1f73/0x2560
[ 63.768244][ T7042]  nfnetlink_rcv_batch+0x83a/0x1610
[ 63.773428][ T7042]  nfnetlink_rcv+0x3af/0x420
[ 63.778005][ T7042]  netlink_unicast+0x537/0x740
[ 63.782774][ T7042]  netlink_sendmsg+0x882/0xe10
[ 63.787525][ T7042]  sock_sendmsg+0xcf/0x120
[ 63.791946][ T7042]  ____sys_sendmsg+0x6bf/0x7e0
[ 63.796852][ T7042]  ___sys_sendmsg+0x100/0x170
[ 63.801529][ T7042]  __sys_sendmsg+0xec/0x1b0
[ 63.806026][ T7042]  do_syscall_64+0xf6/0x7d0
[ 63.810517][ T7042]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 63.816389][ T7042]
[ 63.818717][ T7042] The buggy address belongs to the object at ffff88809e1ab280
[ 63.818717][ T7042]  which belongs to the cache kmalloc-32 of size 32
[ 63.832595][ T7042] The buggy address is located 0 bytes inside of
[ 63.832595][ T7042]  32-byte region [ffff88809e1ab280, ffff88809e1ab2a0)
[ 63.845598][ T7042] The buggy address belongs to the page:
[ 63.851231][ T7042] page:ffffea0002786ac0 refcount:1 mapcount:0 mapping:ffff8880aa0001c0 index:0xffff88809e1abfc1
[ 63.861626][ T7042] flags: 0xfffe0000000200(slab)
[ 63.866489][ T7042] raw: 00fffe0000000200 ffffea00027f1848 ffffea0002789388 ffff8880aa0001c0
[ 63.875082][ T7042] raw: ffff88809e1abfc1 ffff88809e1ab000 0000000100000032 0000000000000000
[ 63.883846][ T7042] page dumped because: kasan: bad access detected
[ 63.890322][ T7042]
[ 63.892647][ T7042] Memory state around the buggy address:
[ 63.898272][ T7042]  ffff88809e1ab180: 00 01 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 63.906324][ T7042]  ffff88809e1ab200: 00 00 fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
[ 63.914381][ T7042] >ffff88809e1ab280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 63.922444][ T7042]                    ^
[ 63.926505][ T7042]  ffff88809e1ab300: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 63.934589][ T7042]  ffff88809e1ab380: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 63.942637][ T7042] ==================================================================
[ 63.950697][ T7042] Disabling lock debugging due to kernel taint
[ 63.956833][ T7042] Kernel panic - not syncing: panic_on_warn set ...
[ 63.963415][ T7042] CPU: 1 PID: 7042 Comm: syz-executor021 Tainted: G    B             5.6.0-syzkaller #0
[ 63.973346][ T7042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.983599][ T7042] Call Trace:
[ 63.988279][ T7042]  dump_stack+0x188/0x20d
[ 63.992954][ T7042]  panic+0x2e3/0x75c
[ 63.996835][ T7042]  ? add_taint.cold+0x16/0x16
[ 64.001532][ T7042]  ? print_shadow_for_address+0xb8/0x114
[ 64.007183][ T7042]  ? trace_hardirqs_off+0x50/0x220
[ 64.012281][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[ 64.017481][ T7042]  end_report+0x43/0x49
[ 64.021637][ T7042]  kasan_report_invalid_free+0x7d/0xa0
[ 64.027081][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[ 64.032261][ T7042]  __kasan_slab_free+0x129/0x140
[ 64.037198][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[ 64.042377][ T7042]  kfree+0x109/0x2b0
[ 64.046257][ T7042]  nf_tables_newset+0x1ed6/0x2560
[ 64.051292][ T7042]  ? lock_downgrade+0x840/0x840
[ 64.056132][ T7042]  ? nft_set_elem_expr_alloc+0x200/0x200
[ 64.061751][ T7042]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 64.067733][ T7042]  ? __nla_parse+0x2e/0x60
[ 64.072255][ T7042]  nfnetlink_rcv_batch+0x83a/0x1610
[ 64.077468][ T7042]  ? nft_set_elem_expr_alloc+0x200/0x200
[ 64.083209][ T7042]  ? nfnetlink_subsys_register+0x2b0/0x2b0
[ 64.089092][ T7042]  ? __nla_validate_parse+0x2af/0x1cd0
[ 64.094549][ T7042]  ? cap_capable+0x1eb/0x250
[ 64.099140][ T7042]  ? nla_memcpy+0xa0/0xa0
[ 64.103477][ T7042]  ? ns_capable_common+0xe2/0x100
[ 64.108481][ T7042]  ? __nla_parse+0x2e/0x60
[ 64.112919][ T7042]  nfnetlink_rcv+0x3af/0x420
[ 64.117510][ T7042]  ? nfnetlink_rcv_batch+0x1610/0x1610
[ 64.122969][ T7042]  netlink_unicast+0x537/0x740
[ 64.127719][ T7042]  ? netlink_attachskb+0x810/0x810
[ 64.132837][ T7042]  ? _copy_from_iter_full+0x25c/0x870
[ 64.138207][ T7042]  ? __phys_addr_symbol+0x2c/0x70
[ 64.143214][ T7042]  ? __check_object_size+0x171/0x437
[ 64.148500][ T7042]  netlink_sendmsg+0x882/0xe10
[ 64.153406][ T7042]  ? aa_af_perm+0x260/0x260
[ 64.158032][ T7042]  ? netlink_unicast+0x740/0x740
[ 64.162982][ T7042]  ? netlink_unicast+0x740/0x740
[ 64.167943][ T7042]  sock_sendmsg+0xcf/0x120
[ 64.172350][ T7042]  ____sys_sendmsg+0x6bf/0x7e0
[ 64.177209][ T7042]  ? print_usage_bug+0x240/0x240
[ 64.182183][ T7042]  ? kernel_sendmsg+0x50/0x50
[ 64.186998][ T7042]  ___sys_sendmsg+0x100/0x170
[ 64.191726][ T7042]  ? sendmsg_copy_msghdr+0x70/0x70
[ 64.196984][ T7042]  ? mark_held_locks+0xe0/0xe0
[ 64.201744][ T7042]  ? __this_cpu_preempt_check+0x28/0x190
[ 64.207458][ T7042]  ? percpu_counter_add_batch+0x123/0x180
[ 64.213185][ T7042]  ? find_held_lock+0x2d/0x110
[ 64.218039][ T7042]  ? __fd_install+0x1b4/0x600
[ 64.222707][ T7042]  ? lock_downgrade+0x840/0x840
[ 64.227560][ T7042]  ? __fget_light+0x1ab/0x270
[ 64.232241][ T7042]  __sys_sendmsg+0xec/0x1b0
[ 64.236732][ T7042]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 64.241762][ T7042]  ? trace_hardirqs_off_caller+0x55/0x230
[ 64.247503][ T7042]  ? do_syscall_64+0x21/0x7d0
[ 64.252276][ T7042]  do_syscall_64+0xf6/0x7d0
[ 64.257210][ T7042]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 64.263084][ T7042] RIP: 0033:0x441279
[ 64.266979][ T7042] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 64.286912][ T7042] RSP: 002b:00007ffde8afd448 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 64.295309][ T7042] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441279
[ 64.303872][ T7042] RDX: 0000000000000000 RSI: 0000000020000c40 RDI: 0000000000000004
[ 64.311943][ T7042] RBP: 000000000000f700 R08: 00000000004002c8 R09: 00000000004002c8
[ 64.319917][ T7042] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020a0
[ 64.327870][ T7042] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000
[ 64.337261][ T7042] Kernel Offset: disabled
[ 64.341645][ T7042] Rebooting in 86400 seconds..