[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.198' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 39.855559] audit: type=1400 audit(1600814504.737:8): avc: denied { execmem } for pid=6501 comm="syz-executor839" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 39.857466] ================================================================================
[ 39.884211] UBSAN: Undefined behaviour in net/netfilter/nf_nat_core.c:67:9
[ 39.891306] index 14 is out of range for type 'nf_nat_l3proto *[13]'
[ 39.897780] CPU: 0 PID: 6501 Comm: syz-executor839 Not tainted 4.19.146-syzkaller #0
[ 39.905636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.914968] Call Trace:
[ 39.917540] dump_stack+0x22c/0x33e
[ 39.921154] ubsan_epilogue+0xe/0x3a
[ 39.925332] __ubsan_handle_out_of_bounds.cold+0x63/0x6f
[ 39.930771] ? find_held_lock+0x2d/0x110
[ 39.934816] nfnetlink_parse_nat_setup+0x68c/0x750
[ 39.939742] ? mark_held_locks+0xf0/0xf0
[ 39.943782] ? nf_nat_inet_fn+0xb10/0xb10
[ 39.947927] ? cache_alloc_refill+0xc5/0x410
[ 39.952321] ? __nf_ct_helper_find+0x3ec/0x610
[ 39.956883] ? nf_conntrack_helpers_register+0xd0/0xd0
[ 39.962148] ctnetlink_parse_nat_setup+0xd6/0x760
[ 39.966974] ctnetlink_create_conntrack+0x48f/0x1350
[ 39.972102] ? ctnetlink_change_helper+0x8f0/0x8f0
[ 39.977013] ? hash_conntrack_raw+0x2d6/0x460
[ 39.981488] ? nf_ct_get_tuple+0x730/0x730
[ 39.985702] ? nf_ct_gc_expired+0x300/0x300
[ 39.990020] ? nfnetlink_rcv_msg+0xa8f/0x1210
[ 39.994499] ctnetlink_new_conntrack+0x4f3/0xdb0
[ 39.999255] ? ctnetlink_create_conntrack+0x1350/0x1350
[ 40.004614] ? nfnetlink_rcv_msg+0xa8f/0x1210
[ 40.009092] ? nfnetlink_rcv_msg+0xa50/0x1210
[ 40.013588] ? ctnetlink_create_conntrack+0x1350/0x1350
[ 40.018947] nfnetlink_rcv_msg+0xeff/0x1210
[ 40.023271] ? nfnetlink_net_init+0x170/0x170
[ 40.027764] ? cred_has_capability+0x162/0x2e0
[ 40.032413] ? cred_has_capability+0x1d9/0x2e0
[ 40.036992] ? selinux_inode_copy_up+0x180/0x180
[ 40.041744] ? selinux_inode_copy_up+0x180/0x180
[ 40.046491] netlink_rcv_skb+0x160/0x440
[ 40.050533] ? nfnetlink_net_init+0x170/0x170
[ 40.055014] ? netlink_ack+0xae0/0xae0
[ 40.058886] ? ns_capable_common+0x117/0x140
[ 40.063290] nfnetlink_rcv+0x1b2/0x41b
[ 40.067170] ? nfnetlink_rcv_batch+0x1710/0x1710
[ 40.071956] netlink_unicast+0x4d5/0x690
[ 40.076003] ? netlink_sendskb+0x110/0x110
[ 40.080226] netlink_sendmsg+0x717/0xcc0
[ 40.084286] ? nlmsg_notify+0x1a0/0x1a0
[ 40.088287] ? __sock_recv_ts_and_drops+0x540/0x540
[ 40.093311] ? nlmsg_notify+0x1a0/0x1a0
[ 40.097277] sock_sendmsg+0xc7/0x130
[ 40.100976] ___sys_sendmsg+0x7bb/0x8f0
[ 40.104934] ? copy_msghdr_from_user+0x440/0x440
[ 40.109673] ? do_huge_pmd_anonymous_page+0x939/0x1d70
[ 40.114951] ? prep_transhuge_page+0xa0/0xa0
[ 40.119342] ? check_preemption_disabled+0x41/0x2b0
[ 40.124368] ? mark_held_locks+0xf0/0xf0
[ 40.128478] ? __handle_mm_fault+0xf34/0x4370
[ 40.132979] ? errseq_sample+0x56/0x70
[ 40.136867] ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[ 40.141695] ? find_held_lock+0x2d/0x110
[ 40.145740] ? find_held_lock+0x2d/0x110
[ 40.149791] ? __fget_light+0x1a2/0x230
[ 40.153753] __x64_sys_sendmsg+0x132/0x220
[ 40.157969] ? __sys_sendmsg+0x1b0/0x1b0
[ 40.162019] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.166756] ? trace_hardirqs_off_caller+0x69/0x210
[ 40.171752] ? do_syscall_64+0x21/0x670
[ 40.175706] do_syscall_64+0xf9/0x670
[ 40.179493] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.184661] RIP: 0033:0x440679
[ 40.187842] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 40.206720] RSP: 002b:00007ffffdf6e7a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 40.214521] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440679
[ 40.221770] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[ 40.229032] RBP: 00000000006ca018 R08: 0000000000000001 R09: 00000000004002c8
[ 40.236279] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000401e80
[ 40.243526] R13: 0000000000401f10 R14: 0000000000000000 R15: 0000000000000000
[ 40.250787] ================================================================================