Starting Load/Save RF Kill Switch Status...
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.74' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   59.510444][ T7041] ==================================================================
[   59.518800][ T7041] BUG: KASAN: double-free or invalid-free in nf_tables_newset+0x1ed6/0x2560
[   59.527447][ T7041]
[   59.530411][ T7041] CPU: 0 PID: 7041 Comm: syz-executor627 Not tainted 5.6.0-syzkaller #0
[   59.538724][ T7041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   59.548760][ T7041] Call Trace:
[   59.552041][ T7041]  dump_stack+0x188/0x20d
[   59.556383][ T7041]  print_address_description.constprop.0.cold+0xd3/0x315
[   59.563394][ T7041]  ? nf_tables_newset+0x1ed6/0x2560
[   59.568605][ T7041]  kasan_report_invalid_free+0x61/0xa0
[   59.574055][ T7041]  ? nf_tables_newset+0x1ed6/0x2560
[   59.579245][ T7041]  __kasan_slab_free+0x129/0x140
[   59.584197][ T7041]  ? nf_tables_newset+0x1ed6/0x2560
[   59.589425][ T7041]  kfree+0x109/0x2b0
[   59.593320][ T7041]  nf_tables_newset+0x1ed6/0x2560
[   59.598348][ T7041]  ? lock_downgrade+0x840/0x840
[   59.603192][ T7041]  ? nft_set_elem_expr_alloc+0x200/0x200
[   59.608824][ T7041]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   59.614710][ T7041]  ? __nla_parse+0x2e/0x60
[   59.619120][ T7041]  nfnetlink_rcv_batch+0x83a/0x1610
[   59.624314][ T7041]  ? nft_set_elem_expr_alloc+0x200/0x200
[   59.629936][ T7041]  ? nfnetlink_subsys_register+0x2b0/0x2b0
[   59.635746][ T7041]  ? __nla_validate_parse+0x2af/0x1cd0
[   59.641199][ T7041]  ? cap_capable+0x1eb/0x250
[   59.645771][ T7041]  ? nla_memcpy+0xa0/0xa0
[   59.650089][ T7041]  ? ns_capable_common+0xe2/0x100
[   59.655092][ T7041]  ? __nla_parse+0x2e/0x60
[   59.659490][ T7041]  nfnetlink_rcv+0x3af/0x420
[   59.664063][ T7041]  ? nfnetlink_rcv_batch+0x1610/0x1610
[   59.669965][ T7041]  netlink_unicast+0x537/0x740
[   59.674728][ T7041]  ? netlink_attachskb+0x810/0x810
[   59.679843][ T7041]  ? _copy_from_iter_full+0x25c/0x870
[   59.685216][ T7041]  ? __phys_addr_symbol+0x2c/0x70
[   59.690226][ T7041]  ? __check_object_size+0x171/0x437
[   59.695494][ T7041]  netlink_sendmsg+0x882/0xe10
[   59.700245][ T7041]  ? aa_af_perm+0x260/0x260
[   59.704739][ T7041]  ? netlink_unicast+0x740/0x740
[   59.709676][ T7041]  ? netlink_unicast+0x740/0x740
[   59.714604][ T7041]  sock_sendmsg+0xcf/0x120
[   59.719037][ T7041]  ____sys_sendmsg+0x6bf/0x7e0
[   59.723796][ T7041]  ? get_compat_msghdr+0xd1/0x120
[   59.728804][ T7041]  ? kernel_sendmsg+0x50/0x50
[   59.733477][ T7041]  ___sys_sendmsg+0x100/0x170
[   59.738141][ T7041]  ? sendmsg_copy_msghdr+0x70/0x70
[   59.743236][ T7041]  ? mark_held_locks+0xe0/0xe0
[   59.747985][ T7041]  ? __this_cpu_preempt_check+0x28/0x190
[   59.753816][ T7041]  ? percpu_counter_add_batch+0x123/0x180
[   59.759532][ T7041]  ? find_held_lock+0x2d/0x110
[   59.764366][ T7041]  ? __fd_install+0x1b4/0x600
[   59.769032][ T7041]  ? lock_downgrade+0x840/0x840
[   59.773867][ T7041]  ? __fget_light+0x1ab/0x270
[   59.778529][ T7041]  __sys_sendmsg+0xec/0x1b0
[   59.783016][ T7041]  ? __sys_sendmsg_sock+0xb0/0xb0
[   59.788036][ T7041]  ? trace_hardirqs_off_caller+0x55/0x230
[   59.793739][ T7041]  ? do_fast_syscall_32+0xcc/0xe90
[   59.798833][ T7041]  do_fast_syscall_32+0x270/0xe90
[   59.803840][ T7041]  entry_SYSENTER_compat+0x70/0x7f
[   59.808986][ T7041]
[   59.811293][ T7041] Allocated by task 7041:
[   59.815601][ T7041]  save_stack+0x1b/0x80
[   59.819736][ T7041]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   59.825354][ T7041]  __kmalloc_track_caller+0x159/0x7a0
[   59.830716][ T7041]  kvasprintf+0xb5/0x150
[   59.835068][ T7041]  kasprintf+0xbb/0xf0
[   59.839120][ T7041]  nf_tables_newset+0x1543/0x2560
[   59.844140][ T7041]  nfnetlink_rcv_batch+0x83a/0x1610
[   59.849394][ T7041]  nfnetlink_rcv+0x3af/0x420
[   59.853978][ T7041]  netlink_unicast+0x537/0x740
[   59.858777][ T7041]  netlink_sendmsg+0x882/0xe10
[   59.863536][ T7041]  sock_sendmsg+0xcf/0x120
[   59.867934][ T7041]  ____sys_sendmsg+0x6bf/0x7e0
[   59.872679][ T7041]  ___sys_sendmsg+0x100/0x170
[   59.877371][ T7041]  __sys_sendmsg+0xec/0x1b0
[   59.881856][ T7041]  do_fast_syscall_32+0x270/0xe90
[   59.886858][ T7041]  entry_SYSENTER_compat+0x70/0x7f
[   59.891940][ T7041]
[   59.894247][ T7041] Freed by task 7041:
[   59.898217][ T7041]  save_stack+0x1b/0x80
[   59.902357][ T7041]  __kasan_slab_free+0xf7/0x140
[   59.907207][ T7041]  kfree+0x109/0x2b0
[   59.911120][ T7041]  nf_tables_newset+0x1f73/0x2560
[   59.916138][ T7041]  nfnetlink_rcv_batch+0x83a/0x1610
[   59.921317][ T7041]  nfnetlink_rcv+0x3af/0x420
[   59.925897][ T7041]  netlink_unicast+0x537/0x740
[   59.930655][ T7041]  netlink_sendmsg+0x882/0xe10
[   59.935397][ T7041]  sock_sendmsg+0xcf/0x120
[   59.939798][ T7041]  ____sys_sendmsg+0x6bf/0x7e0
[   59.944549][ T7041]  ___sys_sendmsg+0x100/0x170
[   59.949220][ T7041]  __sys_sendmsg+0xec/0x1b0
[   59.953704][ T7041]  do_fast_syscall_32+0x270/0xe90
[   59.958726][ T7041]  entry_SYSENTER_compat+0x70/0x7f
[   59.963811][ T7041]
[   59.966121][ T7041] The buggy address belongs to the object at ffff88809f6a4c80
[   59.966121][ T7041]  which belongs to the cache kmalloc-32 of size 32
[   59.979980][ T7041] The buggy address is located 0 bytes inside of
[   59.979980][ T7041]  32-byte region [ffff88809f6a4c80, ffff88809f6a4ca0)
[   59.992966][ T7041] The buggy address belongs to the page:
[   59.998578][ T7041] page:ffffea00027da900 refcount:1 mapcount:0 mapping:ffff8880aa0001c0 index:0xffff88809f6a4fc1
[   60.008960][ T7041] flags: 0xfffe0000000200(slab)
[   60.013802][ T7041] raw: 00fffe0000000200 ffffea000280e7c8 ffff8880aa001240 ffff8880aa0001c0
[   60.022379][ T7041] raw: ffff88809f6a4fc1 ffff88809f6a4000 0000000100000027 0000000000000000
[   60.030942][ T7041] page dumped because: kasan: bad access detected
[   60.037333][ T7041]
[   60.039637][ T7041] Memory state around the buggy address:
[   60.045250][ T7041]  ffff88809f6a4b80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   60.053479][ T7041]  ffff88809f6a4c00: 05 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   60.061715][ T7041] >ffff88809f6a4c80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   60.069797][ T7041]                    ^
[   60.073855][ T7041]  ffff88809f6a4d00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   60.081902][ T7041]  ffff88809f6a4d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   60.089951][ T7041] ==================================================================
[   60.097990][ T7041] Disabling lock debugging due to kernel taint
[   60.104121][ T7041] Kernel panic - not syncing: panic_on_warn set ...
[   60.110685][ T7041] CPU: 0 PID: 7041 Comm: syz-executor627 Tainted: G    B             5.6.0-syzkaller #0
[   60.120384][ T7041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.130416][ T7041] Call Trace:
[   60.133692][ T7041]  dump_stack+0x188/0x20d
[   60.138002][ T7041]  panic+0x2e3/0x75c
[   60.141890][ T7041]  ? add_taint.cold+0x16/0x16
[   60.146546][ T7041]  ? print_shadow_for_address+0xb8/0x114
[   60.152154][ T7041]  ? trace_hardirqs_off+0x50/0x220
[   60.157245][ T7041]  ? nf_tables_newset+0x1ed6/0x2560
[   60.162434][ T7041]  end_report+0x43/0x49
[   60.166568][ T7041]  kasan_report_invalid_free+0x7d/0xa0
[   60.172015][ T7041]  ? nf_tables_newset+0x1ed6/0x2560
[   60.177224][ T7041]  __kasan_slab_free+0x129/0x140
[   60.182164][ T7041]  ? nf_tables_newset+0x1ed6/0x2560
[   60.187343][ T7041]  kfree+0x109/0x2b0
[   60.191219][ T7041]  nf_tables_newset+0x1ed6/0x2560
[   60.196235][ T7041]  ? lock_downgrade+0x840/0x840
[   60.201107][ T7041]  ? nft_set_elem_expr_alloc+0x200/0x200
[   60.206728][ T7041]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   60.212642][ T7041]  ? __nla_parse+0x2e/0x60
[   60.217065][ T7041]  nfnetlink_rcv_batch+0x83a/0x1610
[   60.222262][ T7041]  ? nft_set_elem_expr_alloc+0x200/0x200
[   60.227886][ T7041]  ? nfnetlink_subsys_register+0x2b0/0x2b0
[   60.233722][ T7041]  ? __nla_validate_parse+0x2af/0x1cd0
[   60.239184][ T7041]  ? cap_capable+0x1eb/0x250
[   60.243917][ T7041]  ? nla_memcpy+0xa0/0xa0
[   60.248228][ T7041]  ? ns_capable_common+0xe2/0x100
[   60.253239][ T7041]  ? __nla_parse+0x2e/0x60
[   60.257638][ T7041]  nfnetlink_rcv+0x3af/0x420
[   60.262235][ T7041]  ? nfnetlink_rcv_batch+0x1610/0x1610
[   60.267675][ T7041]  netlink_unicast+0x537/0x740
[   60.272423][ T7041]  ? netlink_attachskb+0x810/0x810
[   60.277518][ T7041]  ? _copy_from_iter_full+0x25c/0x870
[   60.282878][ T7041]  ? __phys_addr_symbol+0x2c/0x70
[   60.287879][ T7041]  ? __check_object_size+0x171/0x437
[   60.293140][ T7041]  netlink_sendmsg+0x882/0xe10
[   60.297881][ T7041]  ? aa_af_perm+0x260/0x260
[   60.302367][ T7041]  ? netlink_unicast+0x740/0x740
[   60.307292][ T7041]  ? netlink_unicast+0x740/0x740
[   60.312203][ T7041]  sock_sendmsg+0xcf/0x120
[   60.316596][ T7041]  ____sys_sendmsg+0x6bf/0x7e0
[   60.321352][ T7041]  ? get_compat_msghdr+0xd1/0x120
[   60.326370][ T7041]  ? kernel_sendmsg+0x50/0x50
[   60.331030][ T7041]  ___sys_sendmsg+0x100/0x170
[   60.335685][ T7041]  ? sendmsg_copy_msghdr+0x70/0x70
[   60.340783][ T7041]  ? mark_held_locks+0xe0/0xe0
[   60.345524][ T7041]  ? __this_cpu_preempt_check+0x28/0x190
[   60.351148][ T7041]  ? percpu_counter_add_batch+0x123/0x180
[   60.356845][ T7041]  ? find_held_lock+0x2d/0x110
[   60.361605][ T7041]  ? __fd_install+0x1b4/0x600
[   60.366266][ T7041]  ? lock_downgrade+0x840/0x840
[   60.371108][ T7041]  ? __fget_light+0x1ab/0x270
[   60.375766][ T7041]  __sys_sendmsg+0xec/0x1b0
[   60.380249][ T7041]  ? __sys_sendmsg_sock+0xb0/0xb0
[   60.385302][ T7041]  ? trace_hardirqs_off_caller+0x55/0x230
[   60.391001][ T7041]  ? do_fast_syscall_32+0xcc/0xe90
[   60.396102][ T7041]  do_fast_syscall_32+0x270/0xe90
[   60.401121][ T7041]  entry_SYSENTER_compat+0x70/0x7f
[   60.407685][ T7041] Kernel Offset: disabled
[   60.412009][ T7041] Rebooting in 86400 seconds..
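How to read the report above: KASAN shadow byte fb means "freed slab object", fc means redzone, and 05 means only the first 5 bytes of that 8-byte granule are addressable. The caret row shows fb at the very start of the 32-byte kmalloc-32 object at ffff88809f6a4c80, so when kfree() at nf_tables_newset+0x1ed6 arrived, the object had already been released by the kfree() at nf_tables_newset+0x1f73 recorded under "Freed by task 7041"; the object itself was allocated by kasprintf() inside nf_tables_newset. Both frees happen in the same function during one nfnetlink batch (nfnetlink_rcv_batch), entered through the 32-bit compat syscall path (entry_SYSENTER_compat). The ns_capable_common frame is the CAP_NET_ADMIN check nfnetlink performs against the socket's network namespace, so on kernels that allow unprivileged user namespaces this code is reachable without root. The report does not say which error path in nf_tables_newset takes both frees, so nothing below claims to reproduce the kernel code.

The following is an added userspace model, not kernel code and not part of the syzkaller report: it mimics the bookkeeping behind "BUG: KASAN: double-free or invalid-free" (one shadow byte per object, freed objects kept in quarantine so a second free is recognised, alloc and first-free sites recorded) and runs the generic error-path double-free shape beside a hardened version. Site labels such as "newset:cleanup" and the helper names are placeholders invented for this example.

```c
/* Added illustration (not kernel code, not nf_tables): a userspace model of the
 * check behind "BUG: KASAN: double-free or invalid-free". Each object carries a
 * shadow byte: 0x00 addressable, 0xfb freed (quarantined), 0xfc redzone/unused.
 * A free that finds 0xfb is reported with the recorded alloc and first-free
 * sites, which is the information the kernel report above prints.
 * Site names such as "newset:cleanup" are placeholders for this model only. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NOBJ 8
enum { SHADOW_OK = 0x00, SHADOW_FREED = 0xfb, SHADOW_REDZONE = 0xfc };

struct slot {
    char mem[32];            /* kmalloc-32 sized object, as in the report */
    unsigned char shadow;    /* one shadow byte per object in this toy model */
    const char *alloc_site;
    const char *free_site;
};

static struct slot pool[NOBJ];
static int report_count;

static void toy_reset(void) {
    memset(pool, 0, sizeof(pool));
    for (int i = 0; i < NOBJ; i++)
        pool[i].shadow = SHADOW_REDZONE;
    report_count = 0;
}

static int toy_reports(void) { return report_count; }

/* Hands out never-used slots only: freed slots stay quarantined (0xfb), which is
 * what lets a second free be recognised instead of landing on a fresh owner. */
static void *toy_kmalloc(const char *site) {
    for (int i = 0; i < NOBJ; i++) {
        if (pool[i].shadow == SHADOW_REDZONE) {
            pool[i].shadow = SHADOW_OK;
            pool[i].alloc_site = site;
            pool[i].free_site = NULL;
            return pool[i].mem;
        }
    }
    return NULL;
}

static void toy_kfree(void *p, const char *site) {
    if (!p)
        return;                      /* kfree(NULL) is a no-op, as in the kernel */
    uintptr_t base = (uintptr_t)pool, addr = (uintptr_t)p;
    if (addr < base || addr >= base + sizeof(pool) ||
        (addr - base) % sizeof(struct slot) != 0) {
        report_count++;              /* "invalid-free": not an object start */
        printf("BUG: KASAN: double-free or invalid-free in %s (not a slab object)\n", site);
        return;
    }
    struct slot *s = &pool[(addr - base) / sizeof(struct slot)];
    if (s->shadow == SHADOW_FREED) {
        report_count++;              /* "double-free": shadow already 0xfb */
        printf("BUG: KASAN: double-free or invalid-free in %s\n", site);
        printf("Allocated by: %s\nFreed by: %s\n", s->alloc_site, s->free_site);
        return;
    }
    s->shadow = SHADOW_FREED;
    s->free_site = site;
}

/* Generic shape of the bug: a name is allocated, a later failure frees it in
 * local cleanup, then control reaches a shared error label that frees it again. */
static int newset_buggy(int fail_later) {
    char *name = toy_kmalloc("newset:kasprintf");
    if (!name)
        return -1;
    if (fail_later) {
        toy_kfree(name, "newset:cleanup");
        goto err;
    }
    return 0;
err:
    toy_kfree(name, "newset:err_label");   /* second free of the same object */
    return -1;
}

/* Hardened shape: once ownership is released the pointer is cleared, so the
 * shared label's kfree() sees NULL and does nothing. */
static int newset_fixed(int fail_later) {
    char *name = toy_kmalloc("newset:kasprintf");
    if (!name)
        return -1;
    if (fail_later) {
        toy_kfree(name, "newset:cleanup");
        name = NULL;
        goto err;
    }
    return 0;
err:
    toy_kfree(name, "newset:err_label");   /* no-op on NULL */
    return -1;
}

static int reports_for_buggy(void) { toy_reset(); newset_buggy(1); return toy_reports(); }
static int reports_for_fixed(void) { toy_reset(); newset_fixed(1); return toy_reports(); }

int main(void) {
    printf("buggy error path: %d KASAN report(s)\n", reports_for_buggy());
    printf("fixed error path: %d KASAN report(s)\n", reports_for_fixed());
    return 0;
}
```

The quarantine is the part worth noticing: a plain allocator would hand the freed 32-byte chunk straight back to the next kmalloc of that size, and the second kfree would then silently release some other caller's live object, which is how a double free becomes a use-after-free primitive. Clearing the pointer after the first free is the minimal hardening shown here; the cleaner fix is a single free site per allocation so that no path can free twice.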