Warning: Permanently added '10.128.15.193' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 68.820352][ T7025] ==================================================================
[ 68.828844][ T7025] BUG: KASAN: double-free or invalid-free in nf_tables_newset+0x1ed6/0x2560
[ 68.837770][ T7025]
[ 68.840190][ T7025] CPU: 1 PID: 7025 Comm: syz-executor895 Not tainted 5.6.0-syzkaller #0
[ 68.848985][ T7025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.859304][ T7025] Call Trace:
[ 68.862601][ T7025] dump_stack+0x188/0x20d
[ 68.867041][ T7025] print_address_description.constprop.0.cold+0xd3/0x315
[ 68.874069][ T7025] ? nf_tables_newset+0x1ed6/0x2560
[ 68.879284][ T7025] kasan_report_invalid_free+0x61/0xa0
[ 68.884757][ T7025] ? nf_tables_newset+0x1ed6/0x2560
[ 68.889940][ T7025] __kasan_slab_free+0x129/0x140
[ 68.894882][ T7025] ? nf_tables_newset+0x1ed6/0x2560
[ 68.900071][ T7025] kfree+0x109/0x2b0
[ 68.903983][ T7025] nf_tables_newset+0x1ed6/0x2560
[ 68.909013][ T7025] ? lock_downgrade+0x840/0x840
[ 68.913858][ T7025] ? nft_set_elem_expr_alloc+0x200/0x200
[ 68.919481][ T7025] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 68.925372][ T7025] ? __nla_parse+0x2e/0x60
[ 68.929796][ T7025] nfnetlink_rcv_batch+0x83a/0x1610
[ 68.935012][ T7025] ? nft_set_elem_expr_alloc+0x200/0x200
[ 68.940651][ T7025] ? nfnetlink_subsys_register+0x2b0/0x2b0
[ 68.946494][ T7025] ? __nla_validate_parse+0x2af/0x1cd0
[ 68.951961][ T7025] ? cap_capable+0x1eb/0x250
[ 68.956638][ T7025] ? nla_memcpy+0xa0/0xa0
[ 68.960976][ T7025] ? ns_capable_common+0xe2/0x100
[ 68.966228][ T7025] ? __nla_parse+0x2e/0x60
[ 68.970658][ T7025] nfnetlink_rcv+0x3af/0x420
[ 68.975258][ T7025] ? nfnetlink_rcv_batch+0x1610/0x1610
[ 68.980740][ T7025] netlink_unicast+0x537/0x740
[ 68.985510][ T7025] ? netlink_attachskb+0x810/0x810
[ 68.990618][ T7025] ? _copy_from_iter_full+0x25c/0x870
[ 68.995984][ T7025] ? __phys_addr_symbol+0x2c/0x70
[ 69.001013][ T7025] ? __check_object_size+0x171/0x437
[ 69.006460][ T7025] netlink_sendmsg+0x882/0xe10
[ 69.011239][ T7025] ? aa_af_perm+0x260/0x260
[ 69.015727][ T7025] ? netlink_unicast+0x740/0x740
[ 69.020672][ T7025] ? netlink_unicast+0x740/0x740
[ 69.025592][ T7025] sock_sendmsg+0xcf/0x120
[ 69.030002][ T7025] ____sys_sendmsg+0x6bf/0x7e0
[ 69.034763][ T7025] ? get_compat_msghdr+0xd1/0x120
[ 69.039906][ T7025] ? kernel_sendmsg+0x50/0x50
[ 69.044582][ T7025] ___sys_sendmsg+0x100/0x170
[ 69.049457][ T7025] ? sendmsg_copy_msghdr+0x70/0x70
[ 69.054693][ T7025] ? mark_held_locks+0xe0/0xe0
[ 69.059617][ T7025] ? __this_cpu_preempt_check+0x28/0x190
[ 69.065263][ T7025] ? percpu_counter_add_batch+0x123/0x180
[ 69.071116][ T7025] ? find_held_lock+0x2d/0x110
[ 69.075994][ T7025] ? __fd_install+0x1b4/0x600
[ 69.080669][ T7025] ? lock_downgrade+0x840/0x840
[ 69.085541][ T7025] ? __fget_light+0x1ab/0x270
[ 69.090940][ T7025] __sys_sendmsg+0xec/0x1b0
[ 69.095467][ T7025] ? __sys_sendmsg_sock+0xb0/0xb0
[ 69.100488][ T7025] ? trace_hardirqs_off_caller+0x55/0x230
[ 69.106329][ T7025] ? do_fast_syscall_32+0xcc/0xe90
[ 69.111448][ T7025] do_fast_syscall_32+0x270/0xe90
[ 69.116663][ T7025] entry_SYSENTER_compat+0x70/0x7f
[ 69.121780][ T7025]
[ 69.124105][ T7025] Allocated by task 7025:
[ 69.128920][ T7025] save_stack+0x1b/0x40
[ 69.133078][ T7025] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 69.138760][ T7025] __kmalloc_track_caller+0x159/0x7a0
[ 69.144836][ T7025] kvasprintf+0xb5/0x150
[ 69.150037][ T7025] kasprintf+0xbb/0xf0
[ 69.154360][ T7025] nf_tables_newset+0x1543/0x2560
[ 69.159551][ T7025] nfnetlink_rcv_batch+0x83a/0x1610
[ 69.164922][ T7025] nfnetlink_rcv+0x3af/0x420
[ 69.169528][ T7025] netlink_unicast+0x537/0x740
[ 69.174319][ T7025] netlink_sendmsg+0x882/0xe10
[ 69.179161][ T7025] sock_sendmsg+0xcf/0x120
[ 69.183581][ T7025] ____sys_sendmsg+0x6bf/0x7e0
[ 69.188438][ T7025] ___sys_sendmsg+0x100/0x170
[ 69.193123][ T7025] __sys_sendmsg+0xec/0x1b0
[ 69.197914][ T7025] do_fast_syscall_32+0x270/0xe90
[ 69.202957][ T7025] entry_SYSENTER_compat+0x70/0x7f
[ 69.208062][ T7025]
[ 69.210466][ T7025] Freed by task 7025:
[ 69.214434][ T7025] save_stack+0x1b/0x40
[ 69.218585][ T7025] __kasan_slab_free+0xf7/0x140
[ 69.223807][ T7025] kfree+0x109/0x2b0
[ 69.227846][ T7025] nf_tables_newset+0x1f73/0x2560
[ 69.232904][ T7025] nfnetlink_rcv_batch+0x83a/0x1610
[ 69.238130][ T7025] nfnetlink_rcv+0x3af/0x420
[ 69.242876][ T7025] netlink_unicast+0x537/0x740
[ 69.247661][ T7025] netlink_sendmsg+0x882/0xe10
[ 69.252425][ T7025] sock_sendmsg+0xcf/0x120
[ 69.256907][ T7025] ____sys_sendmsg+0x6bf/0x7e0
[ 69.261792][ T7025] ___sys_sendmsg+0x100/0x170
[ 69.266465][ T7025] __sys_sendmsg+0xec/0x1b0
[ 69.270971][ T7025] do_fast_syscall_32+0x270/0xe90
[ 69.275999][ T7025] entry_SYSENTER_compat+0x70/0x7f
[ 69.281181][ T7025]
[ 69.283524][ T7025] The buggy address belongs to the object at ffff88809da56740
[ 69.283524][ T7025] which belongs to the cache kmalloc-32 of size 32
[ 69.297515][ T7025] The buggy address is located 0 bytes inside of
[ 69.297515][ T7025] 32-byte region [ffff88809da56740, ffff88809da56760)
[ 69.310777][ T7025] The buggy address belongs to the page:
[ 69.316431][ T7025] page:ffffea0002769580 refcount:1 mapcount:0 mapping:0000000035ffb096 index:0xffff88809da56fc1
[ 69.326958][ T7025] flags: 0xfffe0000000200(slab)
[ 69.332033][ T7025] raw: 00fffe0000000200 ffffea0002765c88 ffff8880aa001250 ffff8880aa0001c0
[ 69.340762][ T7025] raw: ffff88809da56fc1 ffff88809da56000 000000010000003f 0000000000000000
[ 69.349342][ T7025] page dumped because: kasan: bad access detected
[ 69.356907][ T7025]
[ 69.359226][ T7025] Memory state around the buggy address:
[ 69.364852][ T7025]  ffff88809da56600: 00 06 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 69.373016][ T7025]  ffff88809da56680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 69.381182][ T7025] >ffff88809da56700: 07 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 69.389308][ T7025]                                            ^
[ 69.395451][ T7025]  ffff88809da56780: 00 06 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 69.403586][ T7025]  ffff88809da56800: 00 00 fc fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 69.411628][ T7025] ==================================================================
[ 69.419711][ T7025] Disabling lock debugging due to kernel taint
[ 69.425843][ T7025] Kernel panic - not syncing: panic_on_warn set ...
[ 69.432415][ T7025] CPU: 1 PID: 7025 Comm: syz-executor895 Tainted: G B 5.6.0-syzkaller #0
[ 69.442105][ T7025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.452161][ T7025] Call Trace:
[ 69.455510][ T7025] dump_stack+0x188/0x20d
[ 69.459923][ T7025] panic+0x2e3/0x75c
[ 69.463821][ T7025] ? add_taint.cold+0x16/0x16
[ 69.468533][ T7025] ? print_shadow_for_address+0xb8/0x114
[ 69.474149][ T7025] ? trace_hardirqs_off+0x50/0x220
[ 69.479263][ T7025] ? nf_tables_newset+0x1ed6/0x2560
[ 69.484461][ T7025] end_report+0x4d/0x53
[ 69.488606][ T7025] kasan_report_invalid_free+0x7d/0xa0
[ 69.494158][ T7025] ? nf_tables_newset+0x1ed6/0x2560
[ 69.499351][ T7025] __kasan_slab_free+0x129/0x140
[ 69.504284][ T7025] ? nf_tables_newset+0x1ed6/0x2560
[ 69.509461][ T7025] kfree+0x109/0x2b0
[ 69.513373][ T7025] nf_tables_newset+0x1ed6/0x2560
[ 69.518386][ T7025] ? lock_downgrade+0x840/0x840
[ 69.527144][ T7025] ? nft_set_elem_expr_alloc+0x200/0x200
[ 69.532775][ T7025] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 69.538662][ T7025] ? __nla_parse+0x2e/0x60
[ 69.543085][ T7025] nfnetlink_rcv_batch+0x83a/0x1610
[ 69.548540][ T7025] ? nft_set_elem_expr_alloc+0x200/0x200
[ 69.554221][ T7025] ? nfnetlink_subsys_register+0x2b0/0x2b0
[ 69.560199][ T7025] ? __nla_validate_parse+0x2af/0x1cd0
[ 69.565659][ T7025] ? cap_capable+0x1eb/0x250
[ 69.570238][ T7025] ? nla_memcpy+0xa0/0xa0
[ 69.574568][ T7025] ? ns_capable_common+0xe2/0x100
[ 69.579589][ T7025] ? __nla_parse+0x2e/0x60
[ 69.583991][ T7025] nfnetlink_rcv+0x3af/0x420
[ 69.588576][ T7025] ? nfnetlink_rcv_batch+0x1610/0x1610
[ 69.594027][ T7025] netlink_unicast+0x537/0x740
[ 69.598774][ T7025] ? netlink_attachskb+0x810/0x810
[ 69.603953][ T7025] ? _copy_from_iter_full+0x25c/0x870
[ 69.609752][ T7025] ? __phys_addr_symbol+0x2c/0x70
[ 69.614792][ T7025] ? __check_object_size+0x171/0x437
[ 69.620116][ T7025] netlink_sendmsg+0x882/0xe10
[ 69.624878][ T7025] ? aa_af_perm+0x260/0x260
[ 69.629361][ T7025] ? netlink_unicast+0x740/0x740
[ 69.634309][ T7025] ? netlink_unicast+0x740/0x740
[ 69.639283][ T7025] sock_sendmsg+0xcf/0x120
[ 69.643722][ T7025] ____sys_sendmsg+0x6bf/0x7e0
[ 69.648481][ T7025] ? get_compat_msghdr+0xd1/0x120
[ 69.653497][ T7025] ? kernel_sendmsg+0x50/0x50
[ 69.658165][ T7025] ___sys_sendmsg+0x100/0x170
[ 69.662836][ T7025] ? sendmsg_copy_msghdr+0x70/0x70
[ 69.667952][ T7025] ? mark_held_locks+0xe0/0xe0
[ 69.672808][ T7025] ? __this_cpu_preempt_check+0x28/0x190
[ 69.678623][ T7025] ? percpu_counter_add_batch+0x123/0x180
[ 69.684362][ T7025] ? find_held_lock+0x2d/0x110
[ 69.689525][ T7025] ? __fd_install+0x1b4/0x600
[ 69.694624][ T7025] ? lock_downgrade+0x840/0x840
[ 69.699722][ T7025] ? __fget_light+0x1ab/0x270
[ 69.704397][ T7025] __sys_sendmsg+0xec/0x1b0
[ 69.709051][ T7025] ? __sys_sendmsg_sock+0xb0/0xb0
[ 69.714553][ T7025] ? trace_hardirqs_off_caller+0x55/0x230
[ 69.720795][ T7025] ? do_fast_syscall_32+0xcc/0xe90
[ 69.726358][ T7025] do_fast_syscall_32+0x270/0xe90
[ 69.731497][ T7025] entry_SYSENTER_compat+0x70/0x7f
[ 69.738184][ T7025] Kernel Offset: disabled
[ 69.742596][ T7025] Rebooting in 86400 seconds..