[   47.279169] audit: type=1800 audit(1580770482.496:30): pid=8127 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
Starting mcstransd: 
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   51.733225] kauditd_printk_skb: 4 callbacks suppressed
[   51.733241] audit: type=1400 audit(1580770486.986:35): avc: denied { map } for pid=8300 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.200' (ECDSA) to the list of known hosts.
executing program
[   58.529266] audit: type=1400 audit(1580770493.776:36): avc: denied { map } for pid=8312 comm="syz-executor464" path="/root/syz-executor464572241" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   58.534063] netlink: 124 bytes leftover after parsing attributes in process `syz-executor464'.
[   58.556703] audit: type=1400 audit(1580770493.776:37): avc: denied { create } for pid=8312 comm="syz-executor464" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[   58.566258] ==================================================================
[   58.589956] audit: type=1400 audit(1580770493.776:38): avc: denied { write } for pid=8312 comm="syz-executor464" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[   58.596850] BUG: KASAN: global-out-of-bounds in nfnetlink_parse_nat_setup+0x436/0x450
[   58.596863] Read of size 8 at addr ffffffff884faaf8 by task syz-executor464/8312
[   58.596866] 
[   58.596879] CPU: 0 PID: 8312 Comm: syz-executor464 Not tainted 4.19.101-syzkaller #0
[   58.596886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.596891] Call Trace:
[   58.596910]  dump_stack+0x197/0x210
[   58.596925]  ? nfnetlink_parse_nat_setup+0x436/0x450
[   58.596946]  print_address_description.cold+0x5/0x20d
[   58.676571]  ? nfnetlink_parse_nat_setup+0x436/0x450
[   58.681665]  kasan_report.cold+0x8c/0x2ba
[   58.685809]  __asan_report_load8_noabort+0x14/0x20
[   58.690786]  nfnetlink_parse_nat_setup+0x436/0x450
[   58.695948]  ? nf_nat_inet_fn+0x8b0/0x8b0
[   58.700155]  ctnetlink_parse_nat_setup+0xc5/0x660
[   58.705022]  ctnetlink_create_conntrack+0x4ea/0x1300
[   58.710121]  ? ctnetlink_dump_table+0x12e0/0x12e0
[   58.714962]  ? __nf_conntrack_confirm+0x31e0/0x31e0
[   58.720072]  ctnetlink_new_conntrack+0x527/0xe50
[   58.725267]  ? ctnetlink_create_conntrack+0x1300/0x1300
[   58.730633]  ? find_held_lock+0x35/0x130
[   58.734701]  ? ctnetlink_create_conntrack+0x1300/0x1300
[   58.740076]  nfnetlink_rcv_msg+0xd0d/0xfcf
[   58.744320]  ? nfnetlink_bind+0x2c0/0x2c0
[   58.748477]  ? avc_has_extended_perms+0x10f0/0x10f0
[   58.753484]  ? __save_stack_trace+0x99/0x100
[   58.757892]  ? selinux_ipv4_output+0x50/0x50
[   58.762312]  ? netlink_sendmsg+0x97b/0xd70
[   58.766541]  ? mark_held_locks+0x100/0x100
[   58.770785]  netlink_rcv_skb+0x17d/0x460
[   58.774844]  ? nfnetlink_bind+0x2c0/0x2c0
[   58.778983]  ? netlink_ack+0xb30/0xb30
[   58.783030]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   58.788561]  ? ns_capable_common+0x93/0x100
[   58.792883]  ? ns_capable+0x20/0x30
[   58.796501]  ? __netlink_ns_capable+0x104/0x140
[   58.801160]  nfnetlink_rcv+0x1c0/0x460
[   58.805034]  ? nfnetlink_rcv_batch+0x1750/0x1750
[   58.809789]  ? netlink_deliver_tap+0x254/0xc20
[   58.814366]  ? kasan_check_write+0x14/0x20
[   58.818611]  netlink_unicast+0x53a/0x730
[   58.822666]  ? netlink_attachskb+0x770/0x770
[   58.827069]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   58.832597]  netlink_sendmsg+0x8ae/0xd70
[   58.836661]  ? netlink_unicast+0x730/0x730
[   58.840900]  ? selinux_socket_sendmsg+0x36/0x40
[   58.845573]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   58.851095]  ? security_socket_sendmsg+0x8d/0xc0
[   58.855915]  ? netlink_unicast+0x730/0x730
[   58.860243]  sock_sendmsg+0xd7/0x130
[   58.863976]  ___sys_sendmsg+0x803/0x920
[   58.867961]  ? copy_msghdr_from_user+0x430/0x430
[   58.872960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   58.878531]  ? __handle_mm_fault+0x7d1/0x3f80
[   58.883026]  ? copy_page_range+0x2030/0x2030
[   58.887462]  ? __do_page_fault+0x676/0xe90
[   58.891701]  ? find_held_lock+0x35/0x130
[   58.895786]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   58.901385]  ? __fget_light+0x1a9/0x230
[   58.905364]  ? __fdget+0x1b/0x20
[   58.908722]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   58.914282]  __sys_sendmsg+0x105/0x1d0
[   58.918179]  ? __ia32_sys_shutdown+0x80/0x80
[   58.922601]  ? up_read+0x1a/0x110
[   58.926046]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   58.930791]  ? do_syscall_64+0x26/0x620
[   58.934874]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   58.940229]  ? do_syscall_64+0x26/0x620
[   58.944198]  __x64_sys_sendmsg+0x78/0xb0
[   58.948245]  do_syscall_64+0xfd/0x620
[   58.952037]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   58.957304] RIP: 0033:0x4401a9
[   58.960510] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   58.979754] RSP: 002b:00007ffd12dfb4f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   58.987457] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401a9
[   58.994730] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[   59.002036] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   59.009302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a30
[   59.016579] R13: 0000000000401ac0 R14: 0000000000000000 R15: 0000000000000000
[   59.023860] 
[   59.025492] The buggy address belongs to the variable:
[   59.030780]  nft_immediate_policy+0x138/0x140
[   59.035256] 
[   59.036889] Memory state around the buggy address:
[   59.041840]  ffffffff884fa980: 00 fa fa fa fa fa fa fa 00 00 00 00 00 00 fa fa
[   59.049288]  ffffffff884faa00: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[   59.056644] >ffffffff884faa80: 00 00 00 00 fa fa fa fa 04 fa fa fa fa fa fa fa
[   59.063991]                                                                 ^
[   59.071249]  ffffffff884fab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
[   59.078718]  ffffffff884fab80: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[   59.086070] ==================================================================
[   59.093434] Disabling lock debugging due to kernel taint
[   59.100001] Kernel panic - not syncing: panic_on_warn set ...
[   59.100001] 
[   59.107398] CPU: 0 PID: 8312 Comm: syz-executor464 Tainted: G B 4.19.101-syzkaller #0
[   59.116828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   59.126167] Call Trace:
[   59.128746]  dump_stack+0x197/0x210
[   59.132362]  ? nfnetlink_parse_nat_setup+0x436/0x450
[   59.137454]  panic+0x26a/0x50e
[   59.140643]  ? __warn_printk+0xf3/0xf3
[   59.144513]  ? nfnetlink_parse_nat_setup+0x436/0x450
[   59.149629]  ? preempt_schedule+0x4b/0x60
[   59.153792]  ? ___preempt_schedule+0x16/0x18
[   59.158237]  ? trace_hardirqs_on+0x5e/0x220
[   59.162553]  ? nfnetlink_parse_nat_setup+0x436/0x450
[   59.167664]  kasan_end_report+0x47/0x4f
[   59.171651]  kasan_report.cold+0xa9/0x2ba
[   59.175800]  __asan_report_load8_noabort+0x14/0x20
[   59.180721]  nfnetlink_parse_nat_setup+0x436/0x450
[   59.185672]  ? nf_nat_inet_fn+0x8b0/0x8b0
[   59.189968]  ctnetlink_parse_nat_setup+0xc5/0x660
[   59.194806]  ctnetlink_create_conntrack+0x4ea/0x1300
[   59.200014]  ? ctnetlink_dump_table+0x12e0/0x12e0
[   59.204847]  ? __nf_conntrack_confirm+0x31e0/0x31e0
[   59.209853]  ctnetlink_new_conntrack+0x527/0xe50
[   59.214601]  ? ctnetlink_create_conntrack+0x1300/0x1300
[   59.219972]  ? find_held_lock+0x35/0x130
[   59.224073]  ? ctnetlink_create_conntrack+0x1300/0x1300
[   59.229448]  nfnetlink_rcv_msg+0xd0d/0xfcf
[   59.234462]  ? nfnetlink_bind+0x2c0/0x2c0
[   59.238858]  ? avc_has_extended_perms+0x10f0/0x10f0
[   59.243862]  ? __save_stack_trace+0x99/0x100
[   59.248320]  ? selinux_ipv4_output+0x50/0x50
[   59.252730]  ? netlink_sendmsg+0x97b/0xd70
[   59.256959]  ? mark_held_locks+0x100/0x100
[   59.261177]  netlink_rcv_skb+0x17d/0x460
[   59.265224]  ? nfnetlink_bind+0x2c0/0x2c0
[   59.269374]  ? netlink_ack+0xb30/0xb30
[   59.273249]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.278813]  ? ns_capable_common+0x93/0x100
[   59.283141]  ? ns_capable+0x20/0x30
[   59.286759]  ? __netlink_ns_capable+0x104/0x140
[   59.291435]  nfnetlink_rcv+0x1c0/0x460
[   59.295314]  ? nfnetlink_rcv_batch+0x1750/0x1750
[   59.300054]  ? netlink_deliver_tap+0x254/0xc20
[   59.304662]  ? kasan_check_write+0x14/0x20
[   59.308886]  netlink_unicast+0x53a/0x730
[   59.313083]  ? netlink_attachskb+0x770/0x770
[   59.317494]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.323051]  netlink_sendmsg+0x8ae/0xd70
[   59.327100]  ? netlink_unicast+0x730/0x730
[   59.331322]  ? selinux_socket_sendmsg+0x36/0x40
[   59.335982]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.342121]  ? security_socket_sendmsg+0x8d/0xc0
[   59.346876]  ? netlink_unicast+0x730/0x730
[   59.351106]  sock_sendmsg+0xd7/0x130
[   59.354809]  ___sys_sendmsg+0x803/0x920
[   59.358772]  ? copy_msghdr_from_user+0x430/0x430
[   59.363543]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.369090]  ? __handle_mm_fault+0x7d1/0x3f80
[   59.374554]  ? copy_page_range+0x2030/0x2030
[   59.378954]  ? __do_page_fault+0x676/0xe90
[   59.383187]  ? find_held_lock+0x35/0x130
[   59.387236]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.392760]  ? __fget_light+0x1a9/0x230
[   59.396718]  ? __fdget+0x1b/0x20
[   59.400115]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   59.405657]  __sys_sendmsg+0x105/0x1d0
[   59.409581]  ? __ia32_sys_shutdown+0x80/0x80
[   59.414002]  ? up_read+0x1a/0x110
[   59.417458]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   59.422224]  ? do_syscall_64+0x26/0x620
[   59.426240]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   59.431720]  ? do_syscall_64+0x26/0x620
[   59.435716]  __x64_sys_sendmsg+0x78/0xb0
[   59.440145]  do_syscall_64+0xfd/0x620
[   59.443992]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   59.449177] RIP: 0033:0x4401a9
[   59.452362] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   59.471261] RSP: 002b:00007ffd12dfb4f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   59.478969] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401a9
[   59.486232] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[   59.493569] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   59.501043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a30
[   59.509153] R13: 0000000000401ac0 R14: 0000000000000000 R15: 0000000000000000
[   59.518066] Kernel Offset: disabled
[   59.521764] Rebooting in 86400 seconds..
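Added triage helper, not part of the syzkaller report above and not kernel code: it parses the KASAN header, the kallsyms "belongs to the variable" line and the "Memory state" shadow dump, maps the faulting address onto its shadow byte, and decodes that byte. The sample input is a constructed excerpt of the report above with timestamps retained to show they are stripped. The poison table is the v4.19 encoding from mm/kasan/kasan.h, matching the 4.19.101 kernel in the report; later kernels renumbered some values, so the table is a per-version assumption. The point it makes is that the "+0x138/0x140" in the variable line comes from %pS, i.e. kallsyms, whose size is the distance to the next symbol; the shadow rows give the object's real addressable extent.

```python
"""KASAN report triage: locate the faulting address in the shadow dump and
decode the shadow byte.  Added example; not from the kernel or syzkaller."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

KASAN_GRANULE = 8            # bytes of memory per shadow byte (generic KASAN)
SHADOW_BYTES_PER_ROW = 16    # one "Memory state" row covers 128 bytes
ROW_BYTES = KASAN_GRANULE * SHADOW_BYTES_PER_ROW

# Poison values from mm/kasan/kasan.h in v4.19 (assumption: must match the
# reported kernel; 5.9+ moved the global redzone to 0xf9, for example).
POISON_4_19: Dict[int, str] = {
    0xff: "free page", 0xfe: "page redzone", 0xfc: "kmalloc redzone",
    0xfb: "kmalloc freed", 0xfa: "global redzone", 0xf8: "use-after-scope",
    0xf1: "stack left redzone", 0xf2: "stack mid redzone", 0xf3: "stack right redzone",
}

TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
BUG_LINE = re.compile(r"BUG: KASAN: (\S+) in ([^\s+]+)\+0x")
ACCESS_LINE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)")
VARIABLE_LINE = re.compile(r"^\s*([^\s+]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)\s*$")
SHADOW_ROW = re.compile(r"^(>?)\s*([0-9a-f]{16}):\s*((?:[0-9a-f]{2}\s*){16})$")

# Constructed sample: the relevant lines of the report above, timestamps kept.
SAMPLE = """\
[   58.596850] BUG: KASAN: global-out-of-bounds in nfnetlink_parse_nat_setup+0x436/0x450
[   58.596863] Read of size 8 at addr ffffffff884faaf8 by task syz-executor464/8312
[   59.025492] The buggy address belongs to the variable:
[   59.030780]  nft_immediate_policy+0x138/0x140
[   59.036889] Memory state around the buggy address:
[   59.041840]  ffffffff884fa980: 00 fa fa fa fa fa fa fa 00 00 00 00 00 00 fa fa
[   59.049288]  ffffffff884faa00: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[   59.056644] >ffffffff884faa80: 00 00 00 00 fa fa fa fa 04 fa fa fa fa fa fa fa
[   59.063991]                                                                 ^
[   59.071249]  ffffffff884fab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
[   59.078718]  ffffffff884fab80: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
"""


@dataclass
class KasanReport:
    bug_type: str = ""
    function: str = ""
    access: str = ""
    size: int = 0
    addr: int = 0
    task: str = ""
    pid: int = 0
    symbol: Optional[str] = None        # nearest kallsyms symbol at or before addr
    symbol_offset: int = 0
    symbol_size: int = 0                # kallsyms size: distance to the next symbol
    shadow_rows: Dict[int, List[int]] = field(default_factory=dict)
    guilty_row: Optional[int] = None    # the row the kernel marked with '>'


def parse_kasan_report(text: str) -> KasanReport:
    rep = KasanReport()
    expect_variable = False
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw).strip()
        if expect_variable:             # the line right after "belongs to the variable:"
            expect_variable = False
            if m := VARIABLE_LINE.match(line):
                rep.symbol = m.group(1)
                rep.symbol_offset, rep.symbol_size = int(m.group(2), 16), int(m.group(3), 16)
            continue
        if m := BUG_LINE.search(line):
            rep.bug_type, rep.function = m.group(1), m.group(2)
        elif m := ACCESS_LINE.search(line):
            rep.access, rep.size = m.group(1), int(m.group(2))
            rep.addr, rep.task, rep.pid = int(m.group(3), 16), m.group(4), int(m.group(5))
        elif "belongs to the variable" in line:
            expect_variable = True
        elif m := SHADOW_ROW.match(line):
            row = int(m.group(2), 16)
            rep.shadow_rows[row] = [int(b, 16) for b in m.group(3).split()]
            if m.group(1) == ">":
                rep.guilty_row = row
    return rep


def decode_shadow_byte(byte: int, poison: Dict[int, str] = POISON_4_19) -> str:
    if byte == 0:
        return "addressable"
    if 1 <= byte < KASAN_GRANULE:       # only the first N bytes of the granule are valid
        return f"partially addressable ({byte} of {KASAN_GRANULE} bytes)"
    return poison.get(byte, f"unknown poison 0x{byte:02x}")


def shadow_at(rep: KasanReport, addr: int) -> Optional[int]:
    """Shadow byte covering addr, or None if that 128-byte row was not dumped."""
    row = addr - addr % ROW_BYTES
    if row not in rep.shadow_rows:
        return None
    return rep.shadow_rows[row][(addr - row) // KASAN_GRANULE]


def classify_access(rep: KasanReport) -> str:
    byte = shadow_at(rep, rep.addr)
    if byte is None:
        return "faulting address not covered by the dump"
    if rep.guilty_row is not None and rep.addr - rep.addr % ROW_BYTES != rep.guilty_row:
        return "'>' row does not contain the faulting address (truncated or mangled log)"
    return decode_shadow_byte(byte)


def addressable_extent(rep: KasanReport) -> Optional[int]:
    """Bytes marked addressable from the symbol's start up to the first poison
    byte: the object's length as KASAN instrumented it, unlike the kallsyms size."""
    if rep.symbol is None:
        return None
    pos, total = rep.addr - rep.symbol_offset, 0
    while (byte := shadow_at(rep, pos)) is not None:
        if byte != 0:
            return total + (byte if 1 <= byte < KASAN_GRANULE else 0)
        total, pos = total + KASAN_GRANULE, pos + KASAN_GRANULE
    return None                         # dump ended before any poison byte


def summarize(rep: KasanReport) -> str:
    byte = shadow_at(rep, rep.addr)
    byte_s = "?" if byte is None else f"0x{byte:02x}"
    head = (f"{rep.bug_type}: {rep.size}-byte {rep.access} in {rep.function} at "
            f"0x{rep.addr:x} by {rep.task}/{rep.pid}; shadow byte {byte_s} = {classify_access(rep)}")
    if rep.symbol is None:
        return head
    extent = addressable_extent(rep)
    if extent is None:
        return head + f"; nearest symbol {rep.symbol}+0x{rep.symbol_offset:x} (extent not in dump)"
    return head + (f"; nearest symbol {rep.symbol}+0x{rep.symbol_offset:x} has {extent} addressable "
                   f"bytes at its start, access is {rep.symbol_offset - extent} bytes past that object")


if __name__ == "__main__":
    print(summarize(parse_kasan_report(SAMPLE)))
```

Run as a script it prints one summary line. For this report it lands the 8-byte read on shadow index 15 of the marked row, byte 0xfa (global redzone in the 4.19 encoding), and finds 48 addressable bytes at the start of nft_immediate_policy followed by redzone, so the access is 264 bytes beyond that object: the symbol is the nearest kallsyms entry before the address, not evidence about which array the code was indexing, and the 0x140 "size" is only the gap to the next symbol. The same helper works on any generic-KASAN report of this era; only the poison table needs matching to the kernel version.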