[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Load/Save RF Kill Switch Status.
[  OK  ] Started Update UTMP about System Runlevel Changes.


Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   63.287300][ T7042] ==================================================================
[   63.295724][ T7042] BUG: KASAN: double-free or invalid-free in nf_tables_newset+0x1ed6/0x2560
[   63.304388][ T7042] 
[   63.306728][ T7042] CPU: 1 PID: 7042 Comm: syz-executor021 Not tainted 5.6.0-syzkaller #0
[   63.315092][ T7042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   63.325279][ T7042] Call Trace:
[   63.328570][ T7042]  dump_stack+0x188/0x20d
[   63.332897][ T7042]  print_address_description.constprop.0.cold+0xd3/0x315
[   63.339936][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[   63.345232][ T7042]  kasan_report_invalid_free+0x61/0xa0
[   63.350775][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[   63.355971][ T7042]  __kasan_slab_free+0x129/0x140
[   63.361131][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[   63.366451][ T7042]  kfree+0x109/0x2b0
[   63.370360][ T7042]  nf_tables_newset+0x1ed6/0x2560
[   63.375638][ T7042]  ? lock_downgrade+0x840/0x840
[   63.380671][ T7042]  ? nft_set_elem_expr_alloc+0x200/0x200
[   63.386536][ T7042]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   63.392449][ T7042]  ? __nla_parse+0x2e/0x60
[   63.396886][ T7042]  nfnetlink_rcv_batch+0x83a/0x1610
[   63.402081][ T7042]  ? nft_set_elem_expr_alloc+0x200/0x200
[   63.407709][ T7042]  ? nfnetlink_subsys_register+0x2b0/0x2b0
[   63.413534][ T7042]  ? __nla_validate_parse+0x2af/0x1cd0
[   63.418986][ T7042]  ? cap_capable+0x1eb/0x250
[   63.423582][ T7042]  ? nla_memcpy+0xa0/0xa0
[   63.427926][ T7042]  ? ns_capable_common+0xe2/0x100
[   63.433070][ T7042]  ? __nla_parse+0x2e/0x60
[   63.437485][ T7042]  nfnetlink_rcv+0x3af/0x420
[   63.442084][ T7042]  ? nfnetlink_rcv_batch+0x1610/0x1610
[   63.447656][ T7042]  netlink_unicast+0x537/0x740
[   63.452427][ T7042]  ? netlink_attachskb+0x810/0x810
[   63.457544][ T7042]  ? _copy_from_iter_full+0x25c/0x870
[   63.463064][ T7042]  ? __phys_addr_symbol+0x2c/0x70
[   63.468092][ T7042]  ? __check_object_size+0x171/0x437
[   63.473389][ T7042]  netlink_sendmsg+0x882/0xe10
[   63.478144][ T7042]  ? aa_af_perm+0x260/0x260
[   63.483079][ T7042]  ? netlink_unicast+0x740/0x740
[   63.488132][ T7042]  ? netlink_unicast+0x740/0x740
[   63.493070][ T7042]  sock_sendmsg+0xcf/0x120
[   63.497490][ T7042]  ____sys_sendmsg+0x6bf/0x7e0
[   63.502264][ T7042]  ? print_usage_bug+0x240/0x240
[   63.507286][ T7042]  ? kernel_sendmsg+0x50/0x50
[   63.511966][ T7042]  ___sys_sendmsg+0x100/0x170
[   63.516644][ T7042]  ? sendmsg_copy_msghdr+0x70/0x70
[   63.521775][ T7042]  ? mark_held_locks+0xe0/0xe0
[   63.526560][ T7042]  ? __this_cpu_preempt_check+0x28/0x190
[   63.532199][ T7042]  ? percpu_counter_add_batch+0x123/0x180
[   63.537927][ T7042]  ? find_held_lock+0x2d/0x110
[   63.542680][ T7042]  ? __fd_install+0x1b4/0x600
[   63.547461][ T7042]  ? lock_downgrade+0x840/0x840
[   63.552315][ T7042]  ? __fget_light+0x1ab/0x270
[   63.557106][ T7042]  __sys_sendmsg+0xec/0x1b0
[   63.561712][ T7042]  ? __sys_sendmsg_sock+0xb0/0xb0
[   63.566745][ T7042]  ? trace_hardirqs_off_caller+0x55/0x230
[   63.572604][ T7042]  ? do_syscall_64+0x21/0x7d0
[   63.577459][ T7042]  do_syscall_64+0xf6/0x7d0
[   63.581964][ T7042]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   63.588188][ T7042] RIP: 0033:0x441279
[   63.592073][ T7042] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   63.612005][ T7042] RSP: 002b:00007ffde8afd448 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   63.620530][ T7042] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441279
[   63.628513][ T7042] RDX: 0000000000000000 RSI: 0000000020000c40 RDI: 0000000000000004
[   63.636474][ T7042] RBP: 000000000000f700 R08: 00000000004002c8 R09: 00000000004002c8
[   63.644439][ T7042] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020a0
[   63.652406][ T7042] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000
[   63.660379][ T7042] 
[   63.662699][ T7042] Allocated by task 7042:
[   63.667029][ T7042]  save_stack+0x1b/0x80
[   63.671332][ T7042]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   63.676960][ T7042]  __kmalloc_track_caller+0x159/0x7a0
[   63.682325][ T7042]  kvasprintf+0xb5/0x150
[   63.686549][ T7042]  kasprintf+0xbb/0xf0
[   63.690609][ T7042]  nf_tables_newset+0x1543/0x2560
[   63.695633][ T7042]  nfnetlink_rcv_batch+0x83a/0x1610
[   63.700818][ T7042]  nfnetlink_rcv+0x3af/0x420
[   63.705392][ T7042]  netlink_unicast+0x537/0x740
[   63.710154][ T7042]  netlink_sendmsg+0x882/0xe10
[   63.714931][ T7042]  sock_sendmsg+0xcf/0x120
[   63.719365][ T7042]  ____sys_sendmsg+0x6bf/0x7e0
[   63.724157][ T7042]  ___sys_sendmsg+0x100/0x170
[   63.728836][ T7042]  __sys_sendmsg+0xec/0x1b0
[   63.733341][ T7042]  do_syscall_64+0xf6/0x7d0
[   63.737841][ T7042]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   63.743765][ T7042] 
[   63.746082][ T7042] Freed by task 7042:
[   63.750054][ T7042]  save_stack+0x1b/0x80
[   63.754314][ T7042]  __kasan_slab_free+0xf7/0x140
[   63.759292][ T7042]  kfree+0x109/0x2b0
[   63.763229][ T7042]  nf_tables_newset+0x1f73/0x2560
[   63.768244][ T7042]  nfnetlink_rcv_batch+0x83a/0x1610
[   63.773428][ T7042]  nfnetlink_rcv+0x3af/0x420
[   63.778005][ T7042]  netlink_unicast+0x537/0x740
[   63.782774][ T7042]  netlink_sendmsg+0x882/0xe10
[   63.787525][ T7042]  sock_sendmsg+0xcf/0x120
[   63.791946][ T7042]  ____sys_sendmsg+0x6bf/0x7e0
[   63.796852][ T7042]  ___sys_sendmsg+0x100/0x170
[   63.801529][ T7042]  __sys_sendmsg+0xec/0x1b0
[   63.806026][ T7042]  do_syscall_64+0xf6/0x7d0
[   63.810517][ T7042]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   63.816389][ T7042] 
[   63.818717][ T7042] The buggy address belongs to the object at ffff88809e1ab280
[   63.818717][ T7042]  which belongs to the cache kmalloc-32 of size 32
[   63.832595][ T7042] The buggy address is located 0 bytes inside of
[   63.832595][ T7042]  32-byte region [ffff88809e1ab280, ffff88809e1ab2a0)
[   63.845598][ T7042] The buggy address belongs to the page:
[   63.851231][ T7042] page:ffffea0002786ac0 refcount:1 mapcount:0 mapping:ffff8880aa0001c0 index:0xffff88809e1abfc1
[   63.861626][ T7042] flags: 0xfffe0000000200(slab)
[   63.866489][ T7042] raw: 00fffe0000000200 ffffea00027f1848 ffffea0002789388 ffff8880aa0001c0
[   63.875082][ T7042] raw: ffff88809e1abfc1 ffff88809e1ab000 0000000100000032 0000000000000000
[   63.883846][ T7042] page dumped because: kasan: bad access detected
[   63.890322][ T7042] 
[   63.892647][ T7042] Memory state around the buggy address:
[   63.898272][ T7042]  ffff88809e1ab180: 00 01 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   63.906324][ T7042]  ffff88809e1ab200: 00 00 fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
[   63.914381][ T7042] >ffff88809e1ab280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   63.922444][ T7042]                    ^
[   63.926505][ T7042]  ffff88809e1ab300: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   63.934589][ T7042]  ffff88809e1ab380: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   63.942637][ T7042] ==================================================================
[   63.950697][ T7042] Disabling lock debugging due to kernel taint
[   63.956833][ T7042] Kernel panic - not syncing: panic_on_warn set ...
[   63.963415][ T7042] CPU: 1 PID: 7042 Comm: syz-executor021 Tainted: G    B             5.6.0-syzkaller #0
[   63.973346][ T7042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   63.983599][ T7042] Call Trace:
[   63.988279][ T7042]  dump_stack+0x188/0x20d
[   63.992954][ T7042]  panic+0x2e3/0x75c
[   63.996835][ T7042]  ? add_taint.cold+0x16/0x16
[   64.001532][ T7042]  ? print_shadow_for_address+0xb8/0x114
[   64.007183][ T7042]  ? trace_hardirqs_off+0x50/0x220
[   64.012281][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[   64.017481][ T7042]  end_report+0x43/0x49
[   64.021637][ T7042]  kasan_report_invalid_free+0x7d/0xa0
[   64.027081][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[   64.032261][ T7042]  __kasan_slab_free+0x129/0x140
[   64.037198][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[   64.042377][ T7042]  kfree+0x109/0x2b0
[   64.046257][ T7042]  nf_tables_newset+0x1ed6/0x2560
[   64.051292][ T7042]  ? lock_downgrade+0x840/0x840
[   64.056132][ T7042]  ? nft_set_elem_expr_alloc+0x200/0x200
[   64.061751][ T7042]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   64.067733][ T7042]  ? __nla_parse+0x2e/0x60
[   64.072255][ T7042]  nfnetlink_rcv_batch+0x83a/0x1610
[   64.077468][ T7042]  ? nft_set_elem_expr_alloc+0x200/0x200
[   64.083209][ T7042]  ? nfnetlink_subsys_register+0x2b0/0x2b0
[   64.089092][ T7042]  ? __nla_validate_parse+0x2af/0x1cd0
[   64.094549][ T7042]  ? cap_capable+0x1eb/0x250
[   64.099140][ T7042]  ? nla_memcpy+0xa0/0xa0
[   64.103477][ T7042]  ? ns_capable_common+0xe2/0x100
[   64.108481][ T7042]  ? __nla_parse+0x2e/0x60
[   64.112919][ T7042]  nfnetlink_rcv+0x3af/0x420
[   64.117510][ T7042]  ? nfnetlink_rcv_batch+0x1610/0x1610
[   64.122969][ T7042]  netlink_unicast+0x537/0x740
[   64.127719][ T7042]  ? netlink_attachskb+0x810/0x810
[   64.132837][ T7042]  ? _copy_from_iter_full+0x25c/0x870
[   64.138207][ T7042]  ? __phys_addr_symbol+0x2c/0x70
[   64.143214][ T7042]  ? __check_object_size+0x171/0x437
[   64.148500][ T7042]  netlink_sendmsg+0x882/0xe10
[   64.153406][ T7042]  ? aa_af_perm+0x260/0x260
[   64.158032][ T7042]  ? netlink_unicast+0x740/0x740
[   64.162982][ T7042]  ? netlink_unicast+0x740/0x740
[   64.167943][ T7042]  sock_sendmsg+0xcf/0x120
[   64.172350][ T7042]  ____sys_sendmsg+0x6bf/0x7e0
[   64.177209][ T7042]  ? print_usage_bug+0x240/0x240
[   64.182183][ T7042]  ? kernel_sendmsg+0x50/0x50
[   64.186998][ T7042]  ___sys_sendmsg+0x100/0x170
[   64.191726][ T7042]  ? sendmsg_copy_msghdr+0x70/0x70
[   64.196984][ T7042]  ? mark_held_locks+0xe0/0xe0
[   64.201744][ T7042]  ? __this_cpu_preempt_check+0x28/0x190
[   64.207458][ T7042]  ? percpu_counter_add_batch+0x123/0x180
[   64.213185][ T7042]  ? find_held_lock+0x2d/0x110
[   64.218039][ T7042]  ? __fd_install+0x1b4/0x600
[   64.222707][ T7042]  ? lock_downgrade+0x840/0x840
[   64.227560][ T7042]  ? __fget_light+0x1ab/0x270
[   64.232241][ T7042]  __sys_sendmsg+0xec/0x1b0
[   64.236732][ T7042]  ? __sys_sendmsg_sock+0xb0/0xb0
[   64.241762][ T7042]  ? trace_hardirqs_off_caller+0x55/0x230
[   64.247503][ T7042]  ? do_syscall_64+0x21/0x7d0
[   64.252276][ T7042]  do_syscall_64+0xf6/0x7d0
[   64.257210][ T7042]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   64.263084][ T7042] RIP: 0033:0x441279
[   64.266979][ T7042] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   64.286912][ T7042] RSP: 002b:00007ffde8afd448 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   64.295309][ T7042] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441279
[   64.303872][ T7042] RDX: 0000000000000000 RSI: 0000000020000c40 RDI: 0000000000000004
[   64.311943][ T7042] RBP: 000000000000f700 R08: 00000000004002c8 R09: 00000000004002c8
[   64.319917][ T7042] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020a0
[   64.327870][ T7042] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000
[   64.337261][ T7042] Kernel Offset: disabled
[   64.341645][ T7042] Rebooting in 86400 seconds..