[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 59.943816][ T7155] ==================================================================
[ 59.952040][ T7155] BUG: KASAN: double-free or invalid-free in nf_tables_newset+0x1ed6/0x2560
[ 59.962689][ T7155]
[ 59.965018][ T7155] CPU: 0 PID: 7155 Comm: syz-executor408 Not tainted 5.6.0-syzkaller #0
[ 59.973454][ T7155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.983496][ T7155] Call Trace:
[ 59.986884][ T7155] dump_stack+0x188/0x20d
[ 59.991235][ T7155] print_address_description.constprop.0.cold+0xd3/0x315
[ 59.998251][ T7155] ? nf_tables_newset+0x1ed6/0x2560
[ 60.003619][ T7155] kasan_report_invalid_free+0x61/0xa0
[ 60.009074][ T7155] ? nf_tables_newset+0x1ed6/0x2560
[ 60.014265][ T7155] __kasan_slab_free+0x129/0x140
[ 60.019194][ T7155] ? nf_tables_newset+0x1ed6/0x2560
[ 60.024377][ T7155] kfree+0x109/0x2b0
[ 60.028272][ T7155] nf_tables_newset+0x1ed6/0x2560
[ 60.033294][ T7155] ? lock_downgrade+0x840/0x840
[ 60.038134][ T7155] ? nft_set_elem_expr_alloc+0x200/0x200
[ 60.043757][ T7155] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 60.049643][ T7155] ? __nla_parse+0x2e/0x60
[ 60.054043][ T7155] nfnetlink_rcv_batch+0x83a/0x1610
[ 60.059235][ T7155] ? nft_set_elem_expr_alloc+0x200/0x200
[ 60.064867][ T7155] ? nfnetlink_subsys_register+0x2b0/0x2b0
[ 60.070670][ T7155] ? __nla_validate_parse+0x2af/0x1cd0
[ 60.076198][ T7155] ? cap_capable+0x1eb/0x250
[ 60.080785][ T7155] ? nla_memcpy+0xa0/0xa0
[ 60.085114][ T7155] ? ns_capable_common+0xe2/0x100
[ 60.090124][ T7155] ? __nla_parse+0x2e/0x60
[ 60.094531][ T7155] nfnetlink_rcv+0x3af/0x420
[ 60.099109][ T7155] ? nfnetlink_rcv_batch+0x1610/0x1610
[ 60.104567][ T7155] netlink_unicast+0x537/0x740
[ 60.109351][ T7155] ? netlink_attachskb+0x810/0x810
[ 60.115438][ T7155] ? _copy_from_iter_full+0x25c/0x870
[ 60.121093][ T7155] ? __phys_addr_symbol+0x2c/0x70
[ 60.126138][ T7155] ? __check_object_size+0x171/0x437
[ 60.131507][ T7155] netlink_sendmsg+0x882/0xe10
[ 60.136261][ T7155] ? aa_af_perm+0x260/0x260
[ 60.140761][ T7155] ? netlink_unicast+0x740/0x740
[ 60.145695][ T7155] ? netlink_unicast+0x740/0x740
[ 60.150627][ T7155] sock_sendmsg+0xcf/0x120
[ 60.155142][ T7155] ____sys_sendmsg+0x6bf/0x7e0
[ 60.159894][ T7155] ? print_usage_bug+0x240/0x240
[ 60.164816][ T7155] ? kernel_sendmsg+0x50/0x50
[ 60.169487][ T7155] ___sys_sendmsg+0x100/0x170
[ 60.174246][ T7155] ? sendmsg_copy_msghdr+0x70/0x70
[ 60.179367][ T7155] ? mark_held_locks+0xe0/0xe0
[ 60.184117][ T7155] ? __this_cpu_preempt_check+0x28/0x190
[ 60.190118][ T7155] ? percpu_counter_add_batch+0x123/0x180
[ 60.195934][ T7155] ? find_held_lock+0x2d/0x110
[ 60.200695][ T7155] ? __fd_install+0x1b4/0x600
[ 60.205360][ T7155] ? lock_downgrade+0x840/0x840
[ 60.210215][ T7155] ? __fget_light+0x1ab/0x270
[ 60.214891][ T7155] __sys_sendmsg+0xec/0x1b0
[ 60.219379][ T7155] ? __sys_sendmsg_sock+0xb0/0xb0
[ 60.224390][ T7155] ? trace_hardirqs_off_caller+0x55/0x230
[ 60.230092][ T7155] ? do_syscall_64+0x21/0x7d0
[ 60.234757][ T7155] do_syscall_64+0xf6/0x7d0
[ 60.239245][ T7155] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 60.245125][ T7155] RIP: 0033:0x441279
[ 60.249030][ T7155] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 60.268629][ T7155] RSP: 002b:00007ffc459aa938 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 60.277029][ T7155] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441279
[ 60.285010][ T7155] RDX: 0000000000000000 RSI: 0000000020000c40 RDI: 0000000000000004
[ 60.292974][ T7155] RBP: 000000000000e9cd R08: 00000000004002c8 R09: 00000000004002c8
[ 60.300944][ T7155] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020a0
[ 60.308908][ T7155] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000
[ 60.316884][ T7155]
[ 60.319197][ T7155] Allocated by task 7155:
[ 60.323525][ T7155] save_stack+0x1b/0x80
[ 60.327666][ T7155] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 60.333289][ T7155] __kmalloc_track_caller+0x159/0x7a0
[ 60.338658][ T7155] kvasprintf+0xb5/0x150
[ 60.342889][ T7155] kasprintf+0xbb/0xf0
[ 60.346938][ T7155] nf_tables_newset+0x1543/0x2560
[ 60.351944][ T7155] nfnetlink_rcv_batch+0x83a/0x1610
[ 60.357120][ T7155] nfnetlink_rcv+0x3af/0x420
[ 60.361692][ T7155] netlink_unicast+0x537/0x740
[ 60.366449][ T7155] netlink_sendmsg+0x882/0xe10
[ 60.371210][ T7155] sock_sendmsg+0xcf/0x120
[ 60.375617][ T7155] ____sys_sendmsg+0x6bf/0x7e0
[ 60.380369][ T7155] ___sys_sendmsg+0x100/0x170
[ 60.385053][ T7155] __sys_sendmsg+0xec/0x1b0
[ 60.389573][ T7155] do_syscall_64+0xf6/0x7d0
[ 60.394078][ T7155] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 60.399947][ T7155]
[ 60.402271][ T7155] Freed by task 7155:
[ 60.406248][ T7155] save_stack+0x1b/0x80
[ 60.410443][ T7155] __kasan_slab_free+0xf7/0x140
[ 60.415285][ T7155] kfree+0x109/0x2b0
[ 60.419181][ T7155] nf_tables_newset+0x1f73/0x2560
[ 60.424186][ T7155] nfnetlink_rcv_batch+0x83a/0x1610
[ 60.429385][ T7155] nfnetlink_rcv+0x3af/0x420
[ 60.433966][ T7155] netlink_unicast+0x537/0x740
[ 60.438724][ T7155] netlink_sendmsg+0x882/0xe10
[ 60.443474][ T7155] sock_sendmsg+0xcf/0x120
[ 60.447883][ T7155] ____sys_sendmsg+0x6bf/0x7e0
[ 60.452760][ T7155] ___sys_sendmsg+0x100/0x170
[ 60.457422][ T7155] __sys_sendmsg+0xec/0x1b0
[ 60.461924][ T7155] do_syscall_64+0xf6/0x7d0
[ 60.466416][ T7155] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 60.472301][ T7155]
[ 60.474615][ T7155] The buggy address belongs to the object at ffff8880a67e6e80
[ 60.474615][ T7155] which belongs to the cache kmalloc-32 of size 32
[ 60.488476][ T7155] The buggy address is located 0 bytes inside of
[ 60.488476][ T7155] 32-byte region [ffff8880a67e6e80, ffff8880a67e6ea0)
[ 60.504517][ T7155] The buggy address belongs to the page:
[ 60.510153][ T7155] page:ffffea000299f980 refcount:1 mapcount:0 mapping:ffff8880aa0001c0 index:0xffff8880a67e6fc1
[ 60.521186][ T7155] flags: 0xfffe0000000200(slab)
[ 60.526025][ T7155] raw: 00fffe0000000200 ffffea000291ecc8 ffffea0002a4cc48 ffff8880aa0001c0
[ 60.534610][ T7155] raw: ffff8880a67e6fc1 ffff8880a67e6000 0000000100000036 0000000000000000
[ 60.543267][ T7155] page dumped because: kasan: bad access detected
[ 60.549772][ T7155]
[ 60.552182][ T7155] Memory state around the buggy address:
[ 60.557814][ T7155] ffff8880a67e6d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 60.565859][ T7155] ffff8880a67e6e00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 60.573901][ T7155] >ffff8880a67e6e80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 60.581951][ T7155]                    ^
[ 60.586006][ T7155] ffff8880a67e6f00: 00 01 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 60.594055][ T7155] ffff8880a67e6f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.603142][ T7155] ==================================================================
[ 60.611227][ T7155] Disabling lock debugging due to kernel taint
[ 60.617453][ T7155] Kernel panic - not syncing: panic_on_warn set ...
[ 60.624729][ T7155] CPU: 0 PID: 7155 Comm: syz-executor408 Tainted: G B 5.6.0-syzkaller #0
[ 60.634421][ T7155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.644467][ T7155] Call Trace:
[ 60.647786][ T7155] dump_stack+0x188/0x20d
[ 60.652107][ T7155] panic+0x2e3/0x75c
[ 60.656002][ T7155] ? add_taint.cold+0x16/0x16
[ 60.660663][ T7155] ? print_shadow_for_address+0xb8/0x114
[ 60.666286][ T7155] ? trace_hardirqs_off+0x50/0x220
[ 60.671394][ T7155] ? nf_tables_newset+0x1ed6/0x2560
[ 60.676569][ T7155] end_report+0x43/0x49
[ 60.680713][ T7155] kasan_report_invalid_free+0x7d/0xa0
[ 60.686150][ T7155] ? nf_tables_newset+0x1ed6/0x2560
[ 60.691340][ T7155] __kasan_slab_free+0x129/0x140
[ 60.696256][ T7155] ? nf_tables_newset+0x1ed6/0x2560
[ 60.701608][ T7155] kfree+0x109/0x2b0
[ 60.705491][ T7155] nf_tables_newset+0x1ed6/0x2560
[ 60.710499][ T7155] ? lock_downgrade+0x840/0x840
[ 60.715348][ T7155] ? nft_set_elem_expr_alloc+0x200/0x200
[ 60.720971][ T7155] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 60.726845][ T7155] ? __nla_parse+0x2e/0x60
[ 60.731249][ T7155] nfnetlink_rcv_batch+0x83a/0x1610
[ 60.736441][ T7155] ? nft_set_elem_expr_alloc+0x200/0x200
[ 60.742237][ T7155] ? nfnetlink_subsys_register+0x2b0/0x2b0
[ 60.748050][ T7155] ? __nla_validate_parse+0x2af/0x1cd0
[ 60.753497][ T7155] ? cap_capable+0x1eb/0x250
[ 60.758070][ T7155] ? nla_memcpy+0xa0/0xa0
[ 60.762376][ T7155] ? ns_capable_common+0xe2/0x100
[ 60.767375][ T7155] ? __nla_parse+0x2e/0x60
[ 60.771768][ T7155] nfnetlink_rcv+0x3af/0x420
[ 60.776366][ T7155] ? nfnetlink_rcv_batch+0x1610/0x1610
[ 60.781822][ T7155] netlink_unicast+0x537/0x740
[ 60.786567][ T7155] ? netlink_attachskb+0x810/0x810
[ 60.791672][ T7155] ? _copy_from_iter_full+0x25c/0x870
[ 60.797035][ T7155] ? __phys_addr_symbol+0x2c/0x70
[ 60.802047][ T7155] ? __check_object_size+0x171/0x437
[ 60.807334][ T7155] netlink_sendmsg+0x882/0xe10
[ 60.812089][ T7155] ? aa_af_perm+0x260/0x260
[ 60.816568][ T7155] ? netlink_unicast+0x740/0x740
[ 60.821598][ T7155] ? netlink_unicast+0x740/0x740
[ 60.826523][ T7155] sock_sendmsg+0xcf/0x120
[ 60.831105][ T7155] ____sys_sendmsg+0x6bf/0x7e0
[ 60.835854][ T7155] ? print_usage_bug+0x240/0x240
[ 60.840789][ T7155] ? kernel_sendmsg+0x50/0x50
[ 60.845452][ T7155] ___sys_sendmsg+0x100/0x170
[ 60.850111][ T7155] ? sendmsg_copy_msghdr+0x70/0x70
[ 60.855199][ T7155] ? mark_held_locks+0xe0/0xe0
[ 60.859940][ T7155] ? __this_cpu_preempt_check+0x28/0x190
[ 60.865548][ T7155] ? percpu_counter_add_batch+0x123/0x180
[ 60.871247][ T7155] ? find_held_lock+0x2d/0x110
[ 60.875995][ T7155] ? __fd_install+0x1b4/0x600
[ 60.880653][ T7155] ? lock_downgrade+0x840/0x840
[ 60.885496][ T7155] ? __fget_light+0x1ab/0x270
[ 60.890152][ T7155] __sys_sendmsg+0xec/0x1b0
[ 60.894658][ T7155] ? __sys_sendmsg_sock+0xb0/0xb0
[ 60.899664][ T7155] ? trace_hardirqs_off_caller+0x55/0x230
[ 60.905372][ T7155] ? do_syscall_64+0x21/0x7d0
[ 60.910037][ T7155] do_syscall_64+0xf6/0x7d0
[ 60.914533][ T7155] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 60.920405][ T7155] RIP: 0033:0x441279
[ 60.924289][ T7155] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 60.943886][ T7155] RSP: 002b:00007ffc459aa938 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 60.952287][ T7155] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441279
[ 60.960309][ T7155] RDX: 0000000000000000 RSI: 0000000020000c40 RDI: 0000000000000004
[ 60.968268][ T7155] RBP: 000000000000e9cd R08: 00000000004002c8 R09: 00000000004002c8
[ 60.976227][ T7155] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020a0
[ 60.984251][ T7155] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000
[ 60.993614][ T7155] Kernel Offset: disabled
[ 60.997936][ T7155] Rebooting in 86400 seconds..