KASAN: invalid-free in nf_tables

==================================================================
BUG: KASAN: double-free or invalid-free in nf_tables_newset+0x1ed6/0x2560 net/netfilter/nf_tables_api.c:4148

CPU: 1 PID: 7019 Comm: syz-executor719 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0xd3/0x315 mm/kasan/report.c:382
 kasan_report_invalid_free+0x61/0xa0 mm/kasan/report.c:476
 __kasan_slab_free+0x129/0x140 mm/kasan/common.c:435
 __cache_free mm/slab.c:3426 [inline]
 kfree+0x109/0x2b0 mm/slab.c:3757
 nf_tables_newset+0x1ed6/0x2560 net/netfilter/nf_tables_api.c:4148
 nfnetlink_rcv_batch+0x83a/0x1610 net/netfilter/nfnetlink.c:433
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:543 [inline]
 nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:561
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x6bf/0x7e0 net/socket.c:2362
 ___sys_sendmsg+0x100/0x170 net/socket.c:2416
 __sys_sendmsg+0xec/0x1b0 net/socket.c:2449
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x441279
Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffd3ba59f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441279
RDX: 0000000000000000 RSI: 0000000020000c40 RDI: 0000000000000004
RBP: 000000000000e274 R08: 00000000004002c8 R09: 00000000004002c8
R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020a0
R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000

Allocated by task 7019:
 save_stack+0x1b/0x40 mm/kasan/common.c:49
 set_track mm/kasan/common.c:57 [inline]
 __kasan_kmalloc mm/kasan/common.c:495 [inline]
 __kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:468
 __do_kmalloc mm/slab.c:3656 [inline]
 __kmalloc_track_caller+0x159/0x7a0 mm/slab.c:3671
 kvasprintf+0xb5/0x150 lib/kasprintf.c:25
 kasprintf+0xbb/0xf0 lib/kasprintf.c:59
 nf_tables_set_alloc_name net/netfilter/nf_tables_api.c:3536 [inline]
 nf_tables_newset+0x1543/0x2560 net/netfilter/nf_tables_api.c:4088
 nfnetlink_rcv_batch+0x83a/0x1610 net/netfilter/nfnetlink.c:433
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:543 [inline]
 nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:561
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x6bf/0x7e0 net/socket.c:2362
 ___sys_sendmsg+0x100/0x170 net/socket.c:2416
 __sys_sendmsg+0xec/0x1b0 net/socket.c:2449
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3

Freed by task 7019:
 save_stack+0x1b/0x40 mm/kasan/common.c:49
 set_track mm/kasan/common.c:57 [inline]
 kasan_set_free_info mm/kasan/common.c:317 [inline]
 __kasan_slab_free+0xf7/0x140 mm/kasan/common.c:456
 __cache_free mm/slab.c:3426 [inline]
 kfree+0x109/0x2b0 mm/slab.c:3757
 nf_tables_set_alloc_name net/netfilter/nf_tables_api.c:3544 [inline]
 nf_tables_newset+0x1f73/0x2560 net/netfilter/nf_tables_api.c:4088
 nfnetlink_rcv_batch+0x83a/0x1610 net/netfilter/nfnetlink.c:433
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:543 [inline]
 nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:561
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x6bf/0x7e0 net/socket.c:2362
 ___sys_sendmsg+0x100/0x170 net/socket.c:2416
 __sys_sendmsg+0xec/0x1b0 net/socket.c:2449
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3

The buggy address belongs to the object at ffff8880a45be180
 which belongs to the cache kmalloc-32 of size 32
The buggy address is located 0 bytes inside of
 32-byte region [ffff8880a45be180, ffff8880a45be1a0)
The buggy address belongs to the page:
page:ffffea0002916f80 refcount:1 mapcount:0 mapping:000000001c13a6fd index:0xffff8880a45befc1
flags: 0xfffe0000000200(slab)
raw: 00fffe0000000200 ffffea00027b5248 ffffea0002991e08 ffff8880aa0001c0
raw: ffff8880a45befc1 ffff8880a45be000 0000000100000034 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8880a45be080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
 ffff8880a45be100: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
>ffff8880a45be180: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
                   ^
 ffff8880a45be200: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc
 ffff8880a45be280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
==================================================================

Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Manager
2020/04/09 04:18	upstream	ae46d2aa6a7f	db9bcd4b	.config	console log	report	syz	C	ci-upstream-kasan-gce
2020/04/12 01:58	upstream	5b8b9d0c6d0e	a8c6a3f8	.config	console log	report	syz	C	ci-upstream-kasan-gce-386
2020/04/03 06:14	upstream	7be97138e727	a34e2c33	.config	console log	report	syz	C	ci-upstream-kasan-gce-386
2020/04/03 06:39	net-old	21f64e72e707	a34e2c33	.config	console log	report	syz	C	ci-upstream-net-this-kasan-gce
2020/04/03 06:20	net-old	21f64e72e707	a34e2c33	.config	console log	report	syz	C	ci-upstream-net-this-kasan-gce
2020/04/03 06:39	net-next-old	1a323ea5356e	a34e2c33	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2020/04/03 05:52	net-next-old	1a323ea5356e	a34e2c33	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2020/04/03 05:27	upstream	7be97138e727	a34e2c33	.config	console log	report			ci-upstream-kasan-gce-386
2020/04/03 09:34	net-old	21f64e72e707	a34e2c33	.config	console log	report			ci-upstream-net-this-kasan-gce
2020/04/16 17:39	net-next-old	63bef48fd6c9	c743fcb3	.config	console log	report			ci-upstream-net-kasan-gce
2020/04/15 17:01	net-next-old	63bef48fd6c9	3f3c5574	.config	console log	report			ci-upstream-net-kasan-gce
2020/04/14 04:23	net-next-old	63bef48fd6c9	7c54686a	.config	console log	report			ci-upstream-net-kasan-gce
2020/04/13 03:22	net-next-old	63bef48fd6c9	36b0b050	.config	console log	report			ci-upstream-net-kasan-gce
2020/04/12 12:43	net-next-old	63bef48fd6c9	36b0b050	.config	console log	report			ci-upstream-net-kasan-gce
2020/04/11 06:13	net-next-old	63bef48fd6c9	a8c6a3f8	.config	console log	report			ci-upstream-net-kasan-gce
2020/04/10 05:39	net-next-old	63bef48fd6c9	a8c6a3f8	.config	console log	report			ci-upstream-net-kasan-gce
2020/04/09 19:07	net-next-old	63bef48fd6c9	a8c6a3f8	.config	console log	report			ci-upstream-net-kasan-gce
2020/04/07 11:28	net-next-old	1a323ea5356e	99a96044	.config	console log	report			ci-upstream-net-kasan-gce
2020/04/03 09:24	net-next-old	1a323ea5356e	a34e2c33	.config	console log	report			ci-upstream-net-kasan-gce
2020/04/03 05:31	net-next-old	1a323ea5356e	a34e2c33	.config	console log	report			ci-upstream-net-kasan-gce
2020/04/01 08:32	net-next-old	7f80ccfe9968	a34e2c33	.config	console log	report			ci-upstream-net-kasan-gce