[ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.18' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 58.028157][ T7019] ================================================================== [ 58.036718][ T7019] BUG: KASAN: double-free or invalid-free in nf_tables_newset+0x1ed6/0x2560 [ 58.045574][ T7019] [ 58.047916][ T7019] CPU: 1 PID: 7019 Comm: syz-executor719 Not tainted 5.6.0-syzkaller #0 [ 58.056614][ T7019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.067038][ T7019] Call Trace: [ 58.070334][ T7019] dump_stack+0x188/0x20d [ 58.074665][ T7019] print_address_description.constprop.0.cold+0xd3/0x315 [ 58.081731][ T7019] ? nf_tables_newset+0x1ed6/0x2560 [ 58.086926][ T7019] kasan_report_invalid_free+0x61/0xa0 [ 58.092383][ T7019] ? nf_tables_newset+0x1ed6/0x2560 [ 58.097585][ T7019] __kasan_slab_free+0x129/0x140 [ 58.102567][ T7019] ? nf_tables_newset+0x1ed6/0x2560 [ 58.107762][ T7019] kfree+0x109/0x2b0 [ 58.112069][ T7019] nf_tables_newset+0x1ed6/0x2560 [ 58.117123][ T7019] ? lock_downgrade+0x840/0x840 [ 58.121978][ T7019] ? nft_set_elem_expr_alloc+0x200/0x200 [ 58.127783][ T7019] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 58.133727][ T7019] ? __nla_parse+0x2e/0x60 [ 58.138298][ T7019] nfnetlink_rcv_batch+0x83a/0x1610 [ 58.143674][ T7019] ? nft_set_elem_expr_alloc+0x200/0x200 [ 58.149372][ T7019] ? nfnetlink_subsys_register+0x2b0/0x2b0 [ 58.155516][ T7019] ? __nla_validate_parse+0x2af/0x1cd0 [ 58.161228][ T7019] ? cap_capable+0x1eb/0x250 [ 58.165966][ T7019] ? nla_memcpy+0xa0/0xa0 [ 58.170478][ T7019] ? ns_capable_common+0xe2/0x100 [ 58.176030][ T7019] ? __nla_parse+0x2e/0x60 [ 58.180610][ T7019] nfnetlink_rcv+0x3af/0x420 [ 58.185208][ T7019] ? nfnetlink_rcv_batch+0x1610/0x1610 [ 58.190787][ T7019] netlink_unicast+0x537/0x740 [ 58.195599][ T7019] ? netlink_attachskb+0x810/0x810 [ 58.200748][ T7019] ? _copy_from_iter_full+0x25c/0x870 [ 58.206295][ T7019] ? __phys_addr_symbol+0x2c/0x70 [ 58.211499][ T7019] ? __check_object_size+0x171/0x437 [ 58.217056][ T7019] netlink_sendmsg+0x882/0xe10 [ 58.221870][ T7019] ? aa_af_perm+0x260/0x260 [ 58.226517][ T7019] ? netlink_unicast+0x740/0x740 [ 58.231463][ T7019] ? netlink_unicast+0x740/0x740 [ 58.236553][ T7019] sock_sendmsg+0xcf/0x120 [ 58.241186][ T7019] ____sys_sendmsg+0x6bf/0x7e0 [ 58.246325][ T7019] ? print_usage_bug+0x240/0x240 [ 58.251459][ T7019] ? kernel_sendmsg+0x50/0x50 [ 58.256171][ T7019] ___sys_sendmsg+0x100/0x170 [ 58.260988][ T7019] ? sendmsg_copy_msghdr+0x70/0x70 [ 58.266100][ T7019] ? mark_held_locks+0xe0/0xe0 [ 58.271042][ T7019] ? __this_cpu_preempt_check+0x28/0x190 [ 58.280038][ T7019] ? percpu_counter_add_batch+0x123/0x180 [ 58.285757][ T7019] ? find_held_lock+0x2d/0x110 [ 58.290795][ T7019] ? __fd_install+0x1b4/0x600 [ 58.295587][ T7019] ? lock_downgrade+0x840/0x840 [ 58.300430][ T7019] ? __fget_light+0x1ab/0x270 [ 58.305102][ T7019] __sys_sendmsg+0xec/0x1b0 [ 58.309650][ T7019] ? __sys_sendmsg_sock+0xb0/0xb0 [ 58.314676][ T7019] ? trace_hardirqs_off_caller+0x55/0x230 [ 58.320400][ T7019] ? do_syscall_64+0x21/0x7d0 [ 58.325093][ T7019] do_syscall_64+0xf6/0x7d0 [ 58.330047][ T7019] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 58.335942][ T7019] RIP: 0033:0x441279 [ 58.340069][ T7019] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 58.359792][ T7019] RSP: 002b:00007ffd3ba59f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 58.368210][ T7019] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441279 [ 58.376285][ T7019] RDX: 0000000000000000 RSI: 0000000020000c40 RDI: 0000000000000004 [ 58.384506][ T7019] RBP: 000000000000e274 R08: 00000000004002c8 R09: 00000000004002c8 [ 58.392724][ T7019] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020a0 [ 58.400840][ T7019] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000 [ 58.408877][ T7019] [ 58.411248][ T7019] Allocated by task 7019: [ 58.415790][ T7019] save_stack+0x1b/0x40 [ 58.420068][ T7019] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 58.426132][ T7019] __kmalloc_track_caller+0x159/0x7a0 [ 58.431625][ T7019] kvasprintf+0xb5/0x150 [ 58.435945][ T7019] kasprintf+0xbb/0xf0 [ 58.440118][ T7019] nf_tables_newset+0x1543/0x2560 [ 58.445187][ T7019] nfnetlink_rcv_batch+0x83a/0x1610 [ 58.450512][ T7019] nfnetlink_rcv+0x3af/0x420 [ 58.455098][ T7019] netlink_unicast+0x537/0x740 [ 58.459943][ T7019] netlink_sendmsg+0x882/0xe10 [ 58.464857][ T7019] sock_sendmsg+0xcf/0x120 [ 58.469362][ T7019] ____sys_sendmsg+0x6bf/0x7e0 [ 58.474240][ T7019] ___sys_sendmsg+0x100/0x170 [ 58.479074][ T7019] __sys_sendmsg+0xec/0x1b0 [ 58.483573][ T7019] do_syscall_64+0xf6/0x7d0 [ 58.488607][ T7019] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 58.494819][ T7019] [ 58.497232][ T7019] Freed by task 7019: [ 58.501878][ T7019] save_stack+0x1b/0x40 [ 58.506118][ T7019] __kasan_slab_free+0xf7/0x140 [ 58.510968][ T7019] kfree+0x109/0x2b0 [ 58.514946][ T7019] nf_tables_newset+0x1f73/0x2560 [ 58.520155][ T7019] nfnetlink_rcv_batch+0x83a/0x1610 [ 58.525692][ T7019] nfnetlink_rcv+0x3af/0x420 [ 58.530412][ T7019] netlink_unicast+0x537/0x740 [ 58.535250][ T7019] netlink_sendmsg+0x882/0xe10 [ 58.540148][ T7019] sock_sendmsg+0xcf/0x120 [ 58.544556][ T7019] ____sys_sendmsg+0x6bf/0x7e0 [ 58.549385][ T7019] ___sys_sendmsg+0x100/0x170 [ 58.554169][ T7019] __sys_sendmsg+0xec/0x1b0 [ 58.559098][ T7019] do_syscall_64+0xf6/0x7d0 [ 58.563787][ T7019] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 58.569816][ T7019] [ 58.572140][ T7019] The buggy address belongs to the object at ffff8880a45be180 [ 58.572140][ T7019] which belongs to the cache kmalloc-32 of size 32 [ 58.586439][ T7019] The buggy address is located 0 bytes inside of [ 58.586439][ T7019] 32-byte region [ffff8880a45be180, ffff8880a45be1a0) [ 58.599917][ T7019] The buggy address belongs to the page: [ 58.605567][ T7019] page:ffffea0002916f80 refcount:1 mapcount:0 mapping:000000001c13a6fd index:0xffff8880a45befc1 [ 58.616176][ T7019] flags: 0xfffe0000000200(slab) [ 58.621437][ T7019] raw: 00fffe0000000200 ffffea00027b5248 ffffea0002991e08 ffff8880aa0001c0 [ 58.630166][ T7019] raw: ffff8880a45befc1 ffff8880a45be000 0000000100000034 0000000000000000 [ 58.639094][ T7019] page dumped because: kasan: bad access detected [ 58.645633][ T7019] [ 58.648115][ T7019] Memory state around the buggy address: [ 58.653785][ T7019] ffff8880a45be080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 58.662012][ T7019] ffff8880a45be100: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 58.670513][ T7019] >ffff8880a45be180: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 58.678781][ T7019] ^ [ 58.682906][ T7019] ffff8880a45be200: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc [ 58.690966][ T7019] ffff8880a45be280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 58.699015][ T7019] ================================================================== [ 58.707067][ T7019] Disabling lock debugging due to kernel taint [ 58.713218][ T7019] Kernel panic - not syncing: panic_on_warn set ... [ 58.719799][ T7019] CPU: 1 PID: 7019 Comm: syz-executor719 Tainted: G B 5.6.0-syzkaller #0 [ 58.729614][ T7019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.740111][ T7019] Call Trace: [ 58.743806][ T7019] dump_stack+0x188/0x20d [ 58.748264][ T7019] panic+0x2e3/0x75c [ 58.752237][ T7019] ? add_taint.cold+0x16/0x16 [ 58.757032][ T7019] ? print_shadow_for_address+0xb8/0x114 [ 58.762955][ T7019] ? trace_hardirqs_off+0x50/0x220 [ 58.768219][ T7019] ? nf_tables_newset+0x1ed6/0x2560 [ 58.773461][ T7019] end_report+0x4d/0x53 [ 58.777613][ T7019] kasan_report_invalid_free+0x7d/0xa0 [ 58.783133][ T7019] ? nf_tables_newset+0x1ed6/0x2560 [ 58.788329][ T7019] __kasan_slab_free+0x129/0x140 [ 58.793326][ T7019] ? nf_tables_newset+0x1ed6/0x2560 [ 58.798573][ T7019] kfree+0x109/0x2b0 [ 58.802461][ T7019] nf_tables_newset+0x1ed6/0x2560 [ 58.807477][ T7019] ? lock_downgrade+0x840/0x840 [ 58.812359][ T7019] ? nft_set_elem_expr_alloc+0x200/0x200 [ 58.818057][ T7019] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 58.823946][ T7019] ? __nla_parse+0x2e/0x60 [ 58.828390][ T7019] nfnetlink_rcv_batch+0x83a/0x1610 [ 58.833725][ T7019] ? nft_set_elem_expr_alloc+0x200/0x200 [ 58.839434][ T7019] ? nfnetlink_subsys_register+0x2b0/0x2b0 [ 58.845621][ T7019] ? __nla_validate_parse+0x2af/0x1cd0 [ 58.851078][ T7019] ? cap_capable+0x1eb/0x250 [ 58.855836][ T7019] ? nla_memcpy+0xa0/0xa0 [ 58.860219][ T7019] ? ns_capable_common+0xe2/0x100 [ 58.865271][ T7019] ? __nla_parse+0x2e/0x60 [ 58.869684][ T7019] nfnetlink_rcv+0x3af/0x420 [ 58.874318][ T7019] ? nfnetlink_rcv_batch+0x1610/0x1610 [ 58.879769][ T7019] netlink_unicast+0x537/0x740 [ 58.884609][ T7019] ? netlink_attachskb+0x810/0x810 [ 58.889730][ T7019] ? _copy_from_iter_full+0x25c/0x870 [ 58.895181][ T7019] ? __phys_addr_symbol+0x2c/0x70 [ 58.900195][ T7019] ? __check_object_size+0x171/0x437 [ 58.905526][ T7019] netlink_sendmsg+0x882/0xe10 [ 58.910428][ T7019] ? aa_af_perm+0x260/0x260 [ 58.914921][ T7019] ? netlink_unicast+0x740/0x740 [ 58.919847][ T7019] ? netlink_unicast+0x740/0x740 [ 58.924799][ T7019] sock_sendmsg+0xcf/0x120 [ 58.929213][ T7019] ____sys_sendmsg+0x6bf/0x7e0 [ 58.934116][ T7019] ? print_usage_bug+0x240/0x240 [ 58.939468][ T7019] ? kernel_sendmsg+0x50/0x50 [ 58.944236][ T7019] ___sys_sendmsg+0x100/0x170 [ 58.949014][ T7019] ? sendmsg_copy_msghdr+0x70/0x70 [ 58.954119][ T7019] ? mark_held_locks+0xe0/0xe0 [ 58.959060][ T7019] ? __this_cpu_preempt_check+0x28/0x190 [ 58.964735][ T7019] ? percpu_counter_add_batch+0x123/0x180 [ 58.970465][ T7019] ? find_held_lock+0x2d/0x110 [ 58.975223][ T7019] ? __fd_install+0x1b4/0x600 [ 58.979932][ T7019] ? lock_downgrade+0x840/0x840 [ 58.984818][ T7019] ? __fget_light+0x1ab/0x270 [ 58.989527][ T7019] __sys_sendmsg+0xec/0x1b0 [ 58.994020][ T7019] ? __sys_sendmsg_sock+0xb0/0xb0 [ 58.999038][ T7019] ? trace_hardirqs_off_caller+0x55/0x230 [ 59.004788][ T7019] ? do_syscall_64+0x21/0x7d0 [ 59.009624][ T7019] do_syscall_64+0xf6/0x7d0 [ 59.014361][ T7019] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 59.020423][ T7019] RIP: 0033:0x441279 [ 59.024519][ T7019] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 59.044594][ T7019] RSP: 002b:00007ffd3ba59f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.053401][ T7019] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441279 [ 59.061544][ T7019] RDX: 0000000000000000 RSI: 0000000020000c40 RDI: 0000000000000004 [ 59.069683][ T7019] RBP: 000000000000e274 R08: 00000000004002c8 R09: 00000000004002c8 [ 59.077765][ T7019] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020a0 [ 59.086014][ T7019] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000 [ 59.095989][ T7019] Kernel Offset: disabled [ 59.100525][ T7019] Rebooting in 86400 seconds..