[[0;32m  OK  [0m] Started Getty on tty4.
[[0;32m  OK  [0m] Started Getty on tty3.
[[0;32m  OK  [0m] Started Getty on tty2.
[[0;32m  OK  [0m] Started Getty on tty1.
[[0;32m  OK  [0m] Started Serial Getty on ttyS0.
[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[[0;32m  OK  [0m] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   57.692766][ T7042] ==================================================================
[   57.700980][ T7042] BUG: KASAN: double-free or invalid-free in nf_tables_newset+0x1ed6/0x2560
[   57.709635][ T7042] 
[   57.711959][ T7042] CPU: 1 PID: 7042 Comm: syz-executor794 Not tainted 5.6.0-syzkaller #0
[   57.720273][ T7042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   57.730316][ T7042] Call Trace:
[   57.733603][ T7042]  dump_stack+0x188/0x20d
[   57.737968][ T7042]  print_address_description.constprop.0.cold+0xd3/0x315
[   57.744976][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[   57.750158][ T7042]  kasan_report_invalid_free+0x61/0xa0
[   57.755601][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[   57.760782][ T7042]  __kasan_slab_free+0x129/0x140
[   57.765703][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[   57.770881][ T7042]  kfree+0x109/0x2b0
[   57.774779][ T7042]  nf_tables_newset+0x1ed6/0x2560
[   57.779844][ T7042]  ? lock_downgrade+0x840/0x840
[   57.784690][ T7042]  ? nft_set_elem_expr_alloc+0x200/0x200
[   57.790318][ T7042]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   57.796380][ T7042]  ? __nla_parse+0x2e/0x60
[   57.800821][ T7042]  nfnetlink_rcv_batch+0x83a/0x1610
[   57.806008][ T7042]  ? nft_set_elem_expr_alloc+0x200/0x200
[   57.811632][ T7042]  ? nfnetlink_subsys_register+0x2b0/0x2b0
[   57.817448][ T7042]  ? __nla_validate_parse+0x2af/0x1cd0
[   57.822892][ T7042]  ? cap_capable+0x1eb/0x250
[   57.827467][ T7042]  ? nla_memcpy+0xa0/0xa0
[   57.831786][ T7042]  ? ns_capable_common+0xe2/0x100
[   57.836793][ T7042]  ? __nla_parse+0x2e/0x60
[   57.841195][ T7042]  nfnetlink_rcv+0x3af/0x420
[   57.845768][ T7042]  ? nfnetlink_rcv_batch+0x1610/0x1610
[   57.851208][ T7042]  netlink_unicast+0x537/0x740
[   57.855955][ T7042]  ? netlink_attachskb+0x810/0x810
[   57.861050][ T7042]  ? _copy_from_iter_full+0x25c/0x870
[   57.866402][ T7042]  ? __phys_addr_symbol+0x2c/0x70
[   57.871406][ T7042]  ? __check_object_size+0x171/0x437
[   57.876684][ T7042]  netlink_sendmsg+0x882/0xe10
[   57.881444][ T7042]  ? aa_af_perm+0x260/0x260
[   57.885930][ T7042]  ? netlink_unicast+0x740/0x740
[   57.890850][ T7042]  ? netlink_unicast+0x740/0x740
[   57.895773][ T7042]  sock_sendmsg+0xcf/0x120
[   57.900177][ T7042]  ____sys_sendmsg+0x6bf/0x7e0
[   57.904976][ T7042]  ? print_usage_bug+0x240/0x240
[   57.909932][ T7042]  ? kernel_sendmsg+0x50/0x50
[   57.914729][ T7042]  ___sys_sendmsg+0x100/0x170
[   57.919389][ T7042]  ? sendmsg_copy_msghdr+0x70/0x70
[   57.924519][ T7042]  ? mark_held_locks+0xe0/0xe0
[   57.929298][ T7042]  ? __this_cpu_preempt_check+0x28/0x190
[   57.934913][ T7042]  ? percpu_counter_add_batch+0x123/0x180
[   57.940617][ T7042]  ? find_held_lock+0x2d/0x110
[   57.945373][ T7042]  ? __fd_install+0x1b4/0x600
[   57.950160][ T7042]  ? lock_downgrade+0x840/0x840
[   57.955023][ T7042]  ? __fget_light+0x1ab/0x270
[   57.959845][ T7042]  __sys_sendmsg+0xec/0x1b0
[   57.964492][ T7042]  ? __sys_sendmsg_sock+0xb0/0xb0
[   57.969667][ T7042]  ? trace_hardirqs_off_caller+0x55/0x230
[   57.976088][ T7042]  ? do_syscall_64+0x21/0x7d0
[   57.980962][ T7042]  do_syscall_64+0xf6/0x7d0
[   57.985578][ T7042]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   57.991733][ T7042] RIP: 0033:0x441279
[   57.995744][ T7042] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   58.016385][ T7042] RSP: 002b:00007ffd59df3f58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   58.025073][ T7042] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441279
[   58.033053][ T7042] RDX: 0000000000000000 RSI: 0000000020000c40 RDI: 0000000000000004
[   58.041012][ T7042] RBP: 000000000000e142 R08: 00000000004002c8 R09: 00000000004002c8
[   58.049056][ T7042] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020a0
[   58.057218][ T7042] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000
[   58.065278][ T7042] 
[   58.067729][ T7042] Allocated by task 7042:
[   58.072068][ T7042]  save_stack+0x1b/0x80
[   58.076342][ T7042]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   58.082049][ T7042]  __kmalloc_track_caller+0x159/0x7a0
[   58.087416][ T7042]  kvasprintf+0xb5/0x150
[   58.091637][ T7042]  kasprintf+0xbb/0xf0
[   58.095705][ T7042]  nf_tables_newset+0x1543/0x2560
[   58.100730][ T7042]  nfnetlink_rcv_batch+0x83a/0x1610
[   58.105930][ T7042]  nfnetlink_rcv+0x3af/0x420
[   58.110586][ T7042]  netlink_unicast+0x537/0x740
[   58.115351][ T7042]  netlink_sendmsg+0x882/0xe10
[   58.120101][ T7042]  sock_sendmsg+0xcf/0x120
[   58.124513][ T7042]  ____sys_sendmsg+0x6bf/0x7e0
[   58.129262][ T7042]  ___sys_sendmsg+0x100/0x170
[   58.134043][ T7042]  __sys_sendmsg+0xec/0x1b0
[   58.138555][ T7042]  do_syscall_64+0xf6/0x7d0
[   58.143054][ T7042]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   58.148963][ T7042] 
[   58.151286][ T7042] Freed by task 7042:
[   58.155257][ T7042]  save_stack+0x1b/0x80
[   58.159394][ T7042]  __kasan_slab_free+0xf7/0x140
[   58.164224][ T7042]  kfree+0x109/0x2b0
[   58.168113][ T7042]  nf_tables_newset+0x1f73/0x2560
[   58.173117][ T7042]  nfnetlink_rcv_batch+0x83a/0x1610
[   58.178301][ T7042]  nfnetlink_rcv+0x3af/0x420
[   58.182883][ T7042]  netlink_unicast+0x537/0x740
[   58.187628][ T7042]  netlink_sendmsg+0x882/0xe10
[   58.192370][ T7042]  sock_sendmsg+0xcf/0x120
[   58.196764][ T7042]  ____sys_sendmsg+0x6bf/0x7e0
[   58.201509][ T7042]  ___sys_sendmsg+0x100/0x170
[   58.206163][ T7042]  __sys_sendmsg+0xec/0x1b0
[   58.210648][ T7042]  do_syscall_64+0xf6/0x7d0
[   58.215153][ T7042]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   58.221016][ T7042] 
[   58.223327][ T7042] The buggy address belongs to the object at ffff88809e207a00
[   58.223327][ T7042]  which belongs to the cache kmalloc-32 of size 32
[   58.237184][ T7042] The buggy address is located 0 bytes inside of
[   58.237184][ T7042]  32-byte region [ffff88809e207a00, ffff88809e207a20)
[   58.250168][ T7042] The buggy address belongs to the page:
[   58.255787][ T7042] page:ffffea00027881c0 refcount:1 mapcount:0 mapping:ffff8880aa0001c0 index:0xffff88809e207fc1
[   58.266204][ T7042] flags: 0xfffe0000000200(slab)
[   58.271044][ T7042] raw: 00fffe0000000200 ffffea00025bbd88 ffffea0002767ac8 ffff8880aa0001c0
[   58.279647][ T7042] raw: ffff88809e207fc1 ffff88809e207000 000000010000002b 0000000000000000
[   58.288331][ T7042] page dumped because: kasan: bad access detected
[   58.294723][ T7042] 
[   58.297032][ T7042] Memory state around the buggy address:
[   58.302648][ T7042]  ffff88809e207900: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   58.310702][ T7042]  ffff88809e207980: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   58.319097][ T7042] >ffff88809e207a00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   58.327136][ T7042]                    ^
[   58.331187][ T7042]  ffff88809e207a80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   58.339244][ T7042]  ffff88809e207b00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   58.347281][ T7042] ==================================================================
[   58.355404][ T7042] Disabling lock debugging due to kernel taint
[   58.361536][ T7042] Kernel panic - not syncing: panic_on_warn set ...
[   58.368129][ T7042] CPU: 1 PID: 7042 Comm: syz-executor794 Tainted: G    B             5.6.0-syzkaller #0
[   58.377960][ T7042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.388092][ T7042] Call Trace:
[   58.391509][ T7042]  dump_stack+0x188/0x20d
[   58.395836][ T7042]  panic+0x2e3/0x75c
[   58.399747][ T7042]  ? add_taint.cold+0x16/0x16
[   58.404439][ T7042]  ? print_shadow_for_address+0xb8/0x114
[   58.410055][ T7042]  ? trace_hardirqs_off+0x50/0x220
[   58.415170][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[   58.420418][ T7042]  end_report+0x43/0x49
[   58.424656][ T7042]  kasan_report_invalid_free+0x7d/0xa0
[   58.430138][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[   58.435319][ T7042]  __kasan_slab_free+0x129/0x140
[   58.440235][ T7042]  ? nf_tables_newset+0x1ed6/0x2560
[   58.445412][ T7042]  kfree+0x109/0x2b0
[   58.450152][ T7042]  nf_tables_newset+0x1ed6/0x2560
[   58.455161][ T7042]  ? lock_downgrade+0x840/0x840
[   58.459992][ T7042]  ? nft_set_elem_expr_alloc+0x200/0x200
[   58.465605][ T7042]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   58.471570][ T7042]  ? __nla_parse+0x2e/0x60
[   58.475965][ T7042]  nfnetlink_rcv_batch+0x83a/0x1610
[   58.481161][ T7042]  ? nft_set_elem_expr_alloc+0x200/0x200
[   58.486979][ T7042]  ? nfnetlink_subsys_register+0x2b0/0x2b0
[   58.494163][ T7042]  ? __nla_validate_parse+0x2af/0x1cd0
[   58.499607][ T7042]  ? cap_capable+0x1eb/0x250
[   58.504193][ T7042]  ? nla_memcpy+0xa0/0xa0
[   58.508518][ T7042]  ? ns_capable_common+0xe2/0x100
[   58.513546][ T7042]  ? __nla_parse+0x2e/0x60
[   58.518008][ T7042]  nfnetlink_rcv+0x3af/0x420
[   58.522592][ T7042]  ? nfnetlink_rcv_batch+0x1610/0x1610
[   58.528043][ T7042]  netlink_unicast+0x537/0x740
[   58.532792][ T7042]  ? netlink_attachskb+0x810/0x810
[   58.537938][ T7042]  ? _copy_from_iter_full+0x25c/0x870
[   58.543291][ T7042]  ? __phys_addr_symbol+0x2c/0x70
[   58.548338][ T7042]  ? __check_object_size+0x171/0x437
[   58.553609][ T7042]  netlink_sendmsg+0x882/0xe10
[   58.558354][ T7042]  ? aa_af_perm+0x260/0x260
[   58.562834][ T7042]  ? netlink_unicast+0x740/0x740
[   58.567800][ T7042]  ? netlink_unicast+0x740/0x740
[   58.572829][ T7042]  sock_sendmsg+0xcf/0x120
[   58.577243][ T7042]  ____sys_sendmsg+0x6bf/0x7e0
[   58.582008][ T7042]  ? print_usage_bug+0x240/0x240
[   58.587023][ T7042]  ? kernel_sendmsg+0x50/0x50
[   58.591683][ T7042]  ___sys_sendmsg+0x100/0x170
[   58.596350][ T7042]  ? sendmsg_copy_msghdr+0x70/0x70
[   58.601460][ T7042]  ? mark_held_locks+0xe0/0xe0
[   58.606215][ T7042]  ? __this_cpu_preempt_check+0x28/0x190
[   58.611826][ T7042]  ? percpu_counter_add_batch+0x123/0x180
[   58.617538][ T7042]  ? find_held_lock+0x2d/0x110
[   58.622280][ T7042]  ? __fd_install+0x1b4/0x600
[   58.626959][ T7042]  ? lock_downgrade+0x840/0x840
[   58.631786][ T7042]  ? __fget_light+0x1ab/0x270
[   58.636617][ T7042]  __sys_sendmsg+0xec/0x1b0
[   58.641097][ T7042]  ? __sys_sendmsg_sock+0xb0/0xb0
[   58.646116][ T7042]  ? trace_hardirqs_off_caller+0x55/0x230
[   58.651841][ T7042]  ? do_syscall_64+0x21/0x7d0
[   58.656647][ T7042]  do_syscall_64+0xf6/0x7d0
[   58.661150][ T7042]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   58.667172][ T7042] RIP: 0033:0x441279
[   58.671077][ T7042] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   58.690845][ T7042] RSP: 002b:00007ffd59df3f58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   58.700213][ T7042] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441279
[   58.708794][ T7042] RDX: 0000000000000000 RSI: 0000000020000c40 RDI: 0000000000000004
[   58.717919][ T7042] RBP: 000000000000e142 R08: 00000000004002c8 R09: 00000000004002c8
[   58.727254][ T7042] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020a0
[   58.736877][ T7042] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000
[   58.746069][ T7042] Kernel Offset: disabled
[   58.750919][ T7042] Rebooting in 86400 seconds..