[ ok ] Starting enhanced syslogd: rsyslogd.
[ 78.966148][ T27] audit: type=1800 audit(1583660976.474:25): pid=9353 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 78.985995][ T27] audit: type=1800 audit(1583660976.474:26): pid=9353 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 79.052338][ T27] audit: type=1800 audit(1583660976.474:27): pid=9353 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.232' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 90.394931][ T9507] IPVS: ftp: loaded support on port[0] = 21
[ 90.424490][ T9507] ==================================================================
[ 90.432828][ T9507] BUG: KASAN: double-free or invalid-free in tcf_exts_destroy+0x62/0xc0
[ 90.441147][ T9507]
[ 90.443467][ T9507] CPU: 1 PID: 9507 Comm: syz-executor467 Not tainted 5.6.0-rc4-syzkaller #0
[ 90.452177][ T9507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 90.462236][ T9507] Call Trace:
[ 90.465604][ T9507] dump_stack+0x188/0x20d
[ 90.469971][ T9507] print_address_description.constprop.0.cold+0xd3/0x315
[ 90.476988][ T9507] ? tcf_exts_destroy+0x62/0xc0
[ 90.481821][ T9507] kasan_report_invalid_free+0x61/0xa0
[ 90.487276][ T9507] ? tcf_exts_destroy+0x62/0xc0
[ 90.492112][ T9507] __kasan_slab_free+0x129/0x140
[ 90.497174][ T9507] ? tcf_exts_destroy+0x62/0xc0
[ 90.502021][ T9507] kfree+0x109/0x2b0
[ 90.505911][ T9507] tcf_exts_destroy+0x62/0xc0
[ 90.510573][ T9507] tcf_exts_change+0xf4/0x150
[ 90.515235][ T9507] ? tcf_exts_destroy+0xc0/0xc0
[ 90.520082][ T9507] tcindex_set_parms+0xed8/0x1a00
[ 90.525144][ T9507] ? tcindex_alloc_perfect_hash+0x320/0x320
[ 90.531032][ T9507] ? mark_held_locks+0xe0/0xe0
[ 90.535893][ T9507] ? nla_memcpy+0xa0/0xa0
[ 90.540232][ T9507] ? tcindex_change+0x203/0x2e0
[ 90.545171][ T9507] tcindex_change+0x203/0x2e0
[ 90.549979][ T9507] ? tcindex_set_parms+0x1a00/0x1a00
[ 90.555273][ T9507] tc_new_tfilter+0xa59/0x20b0
[ 90.560029][ T9507] ? tcindex_set_parms+0x1a00/0x1a00
[ 90.565302][ T9507] ? tc_del_tfilter+0x1430/0x1430
[ 90.570326][ T9507] ? __lock_acquire+0x80b/0x3ca0
[ 90.575253][ T9507] ? apparmor_capable+0x454/0x8a0
[ 90.580281][ T9507] ? rcu_read_lock_held+0x9c/0xb0
[ 90.585296][ T9507] ? tc_del_tfilter+0x1430/0x1430
[ 90.590313][ T9507] rtnetlink_rcv_msg+0x810/0xad0
[ 90.595253][ T9507] ? rtnl_bridge_getlink+0x880/0x880
[ 90.600538][ T9507] ? mark_held_locks+0xe0/0xe0
[ 90.605295][ T9507] ? netlink_deliver_tap+0x146/0xb50
[ 90.610598][ T9507] netlink_rcv_skb+0x15a/0x410
[ 90.615364][ T9507] ? rtnl_bridge_getlink+0x880/0x880
[ 90.620649][ T9507] ? netlink_ack+0xa80/0xa80
[ 90.625237][ T9507] netlink_unicast+0x537/0x740
[ 90.629988][ T9507] ? netlink_attachskb+0x810/0x810
[ 90.639341][ T9507] ? _copy_from_iter_full+0x25c/0x870
[ 90.644700][ T9507] ? __phys_addr_symbol+0x2c/0x70
[ 90.649714][ T9507] ? __check_object_size+0x171/0x437
[ 90.654984][ T9507] netlink_sendmsg+0x882/0xe10
[ 90.659762][ T9507] ? aa_af_perm+0x260/0x260
[ 90.664250][ T9507] ? netlink_unicast+0x740/0x740
[ 90.669246][ T9507] ? netlink_unicast+0x740/0x740
[ 90.674187][ T9507] sock_sendmsg+0xcf/0x120
[ 90.678603][ T9507] ____sys_sendmsg+0x6b9/0x7d0
[ 90.683379][ T9507] ? kernel_sendmsg+0x50/0x50
[ 90.688049][ T9507] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 90.693588][ T9507] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 90.699593][ T9507] ___sys_sendmsg+0x100/0x170
[ 90.704274][ T9507] ? sendmsg_copy_msghdr+0x70/0x70
[ 90.709430][ T9507] ? lock_downgrade+0x7f0/0x7f0
[ 90.714301][ T9507] ? lock_acquire+0x197/0x420
[ 90.718995][ T9507] ? __might_fault+0xef/0x1d0
[ 90.723664][ T9507] ? __might_fault+0x190/0x1d0
[ 90.728414][ T9507] ? _copy_to_user+0x107/0x150
[ 90.733292][ T9507] ? move_addr_to_user+0xb3/0x200
[ 90.738319][ T9507] ? __fget_light+0x1a5/0x270
[ 90.742996][ T9507] __sys_sendmsg+0xec/0x1b0
[ 90.747494][ T9507] ? __sys_sendmsg_sock+0xb0/0xb0
[ 90.752506][ T9507] ? mark_held_locks+0x9f/0xe0
[ 90.757272][ T9507] ? trace_hardirqs_off_caller+0x55/0x230
[ 90.762982][ T9507] ? do_fast_syscall_32+0xcc/0xe8f
[ 90.774863][ T9507] do_fast_syscall_32+0x270/0xe8f
[ 90.779880][ T9507] entry_SYSENTER_compat+0x70/0x7f
[ 90.784985][ T9507]
[ 90.787297][ T9507] Allocated by task 1:
[ 90.791372][ T9507] save_stack+0x1b/0x80
[ 90.795527][ T9507] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 90.801252][ T9507] kmem_cache_alloc_trace+0x153/0x7d0
[ 90.806701][ T9507] __class_register+0x46/0x450
[ 90.811453][ T9507] spi_transport_init+0xf0/0x132
[ 90.816383][ T9507] do_one_initcall+0x10a/0x7d0
[ 90.821139][ T9507] kernel_init_freeable+0x501/0x5ae
[ 90.826330][ T9507] kernel_init+0xd/0x1bb
[ 90.830647][ T9507] ret_from_fork+0x24/0x30
[ 90.835037][ T9507]
[ 90.837347][ T9507] Freed by task 0:
[ 90.841101][ T9507] (stack is not available)
[ 90.845499][ T9507]
[ 90.847813][ T9507] The buggy address belongs to the object at ffff8880a12d5000
[ 90.847813][ T9507] which belongs to the cache kmalloc-1k of size 1024
[ 90.862000][ T9507] The buggy address is located 152 bytes inside of
[ 90.862000][ T9507] 1024-byte region [ffff8880a12d5000, ffff8880a12d5400)
[ 90.875357][ T9507] The buggy address belongs to the page:
[ 90.881073][ T9507] page:ffffea000284b540 refcount:1 mapcount:0 mapping:ffff8880aa000c40 index:0x0
[ 90.890280][ T9507] flags: 0xfffe0000000200(slab)
[ 90.895149][ T9507] raw: 00fffe0000000200 ffffea000285c288 ffffea000284b588 ffff8880aa000c40
[ 90.903724][ T9507] raw: 0000000000000000 ffff8880a12d5000 0000000100000002 0000000000000000
[ 90.912632][ T9507] page dumped because: kasan: bad access detected
[ 90.919074][ T9507]
[ 90.921391][ T9507] Memory state around the buggy address:
[ 90.927091][ T9507] ffff8880a12d4f80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.935143][ T9507] ffff8880a12d5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 90.943201][ T9507] >ffff8880a12d5080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 90.951682][ T9507] ^
[ 90.956512][ T9507] ffff8880a12d5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 90.964557][ T9507] ffff8880a12d5180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 90.972611][ T9507] ==================================================================
[ 90.980654][ T9507] Disabling lock debugging due to kernel taint
[ 90.986895][ T9507] Kernel panic - not syncing: panic_on_warn set ...
[ 90.993478][ T9507] CPU: 1 PID: 9507 Comm: syz-executor467 Tainted: G B 5.6.0-rc4-syzkaller #0
[ 91.003521][ T9507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 91.013563][ T9507] Call Trace:
[ 91.016851][ T9507] dump_stack+0x188/0x20d
[ 91.021517][ T9507] panic+0x2e3/0x75c
[ 91.025418][ T9507] ? add_taint.cold+0x16/0x16
[ 91.030081][ T9507] ? print_shadow_for_address+0xb8/0x114
[ 91.035789][ T9507] ? trace_hardirqs_off+0x50/0x220
[ 91.040896][ T9507] ? tcf_exts_destroy+0x62/0xc0
[ 91.045807][ T9507] end_report+0x43/0x49
[ 91.049958][ T9507] kasan_report_invalid_free+0x7d/0xa0
[ 91.055411][ T9507] ? tcf_exts_destroy+0x62/0xc0
[ 91.060241][ T9507] __kasan_slab_free+0x129/0x140
[ 91.065155][ T9507] ? tcf_exts_destroy+0x62/0xc0
[ 91.070032][ T9507] kfree+0x109/0x2b0
[ 91.073926][ T9507] tcf_exts_destroy+0x62/0xc0
[ 91.078626][ T9507] tcf_exts_change+0xf4/0x150
[ 91.083295][ T9507] ? tcf_exts_destroy+0xc0/0xc0
[ 91.088132][ T9507] tcindex_set_parms+0xed8/0x1a00
[ 91.093165][ T9507] ? tcindex_alloc_perfect_hash+0x320/0x320
[ 91.099156][ T9507] ? mark_held_locks+0xe0/0xe0
[ 91.103928][ T9507] ? nla_memcpy+0xa0/0xa0
[ 91.108241][ T9507] ? tcindex_change+0x203/0x2e0
[ 91.113340][ T9507] tcindex_change+0x203/0x2e0
[ 91.118006][ T9507] ? tcindex_set_parms+0x1a00/0x1a00
[ 91.123305][ T9507] tc_new_tfilter+0xa59/0x20b0
[ 91.128071][ T9507] ? tcindex_set_parms+0x1a00/0x1a00
[ 91.133343][ T9507] ? tc_del_tfilter+0x1430/0x1430
[ 91.138352][ T9507] ? __lock_acquire+0x80b/0x3ca0
[ 91.143272][ T9507] ? apparmor_capable+0x454/0x8a0
[ 91.148369][ T9507] ? rcu_read_lock_held+0x9c/0xb0
[ 91.153379][ T9507] ? tc_del_tfilter+0x1430/0x1430
[ 91.158383][ T9507] rtnetlink_rcv_msg+0x810/0xad0
[ 91.163302][ T9507] ? rtnl_bridge_getlink+0x880/0x880
[ 91.168573][ T9507] ? mark_held_locks+0xe0/0xe0
[ 91.173326][ T9507] ? netlink_deliver_tap+0x146/0xb50
[ 91.178592][ T9507] netlink_rcv_skb+0x15a/0x410
[ 91.183350][ T9507] ? rtnl_bridge_getlink+0x880/0x880
[ 91.189240][ T9507] ? netlink_ack+0xa80/0xa80
[ 91.193816][ T9507] netlink_unicast+0x537/0x740
[ 91.198570][ T9507] ? netlink_attachskb+0x810/0x810
[ 91.203661][ T9507] ? _copy_from_iter_full+0x25c/0x870
[ 91.209011][ T9507] ? __phys_addr_symbol+0x2c/0x70
[ 91.214632][ T9507] ? __check_object_size+0x171/0x437
[ 91.219990][ T9507] netlink_sendmsg+0x882/0xe10
[ 91.224734][ T9507] ? aa_af_perm+0x260/0x260
[ 91.229222][ T9507] ? netlink_unicast+0x740/0x740
[ 91.234158][ T9507] ? netlink_unicast+0x740/0x740
[ 91.239093][ T9507] sock_sendmsg+0xcf/0x120
[ 91.243574][ T9507] ____sys_sendmsg+0x6b9/0x7d0
[ 91.248490][ T9507] ? kernel_sendmsg+0x50/0x50
[ 91.253147][ T9507] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 91.258758][ T9507] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 91.264729][ T9507] ___sys_sendmsg+0x100/0x170
[ 91.269476][ T9507] ? sendmsg_copy_msghdr+0x70/0x70
[ 91.274599][ T9507] ? lock_downgrade+0x7f0/0x7f0
[ 91.279533][ T9507] ? lock_acquire+0x197/0x420
[ 91.284210][ T9507] ? __might_fault+0xef/0x1d0
[ 91.288892][ T9507] ? __might_fault+0x190/0x1d0
[ 91.293646][ T9507] ? _copy_to_user+0x107/0x150
[ 91.298398][ T9507] ? move_addr_to_user+0xb3/0x200
[ 91.303428][ T9507] ? __fget_light+0x1a5/0x270
[ 91.308101][ T9507] __sys_sendmsg+0xec/0x1b0
[ 91.312585][ T9507] ? __sys_sendmsg_sock+0xb0/0xb0
[ 91.317687][ T9507] ? mark_held_locks+0x9f/0xe0
[ 91.322442][ T9507] ? trace_hardirqs_off_caller+0x55/0x230
[ 91.328147][ T9507] ? do_fast_syscall_32+0xcc/0xe8f
[ 91.333247][ T9507] do_fast_syscall_32+0x270/0xe8f
[ 91.338257][ T9507] entry_SYSENTER_compat+0x70/0x7f
[ 91.345397][ T9507] Kernel Offset: disabled
[ 91.349735][ T9507] Rebooting in 86400 seconds..