[   47.279169] audit: type=1800 audit(1580770482.496:30): pid=8127 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   51.733225] kauditd_printk_skb: 4 callbacks suppressed
[   51.733241] audit: type=1400 audit(1580770486.986:35): avc:  denied  { map } for  pid=8300 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.200' (ECDSA) to the list of known hosts.
executing program
[   58.529266] audit: type=1400 audit(1580770493.776:36): avc:  denied  { map } for  pid=8312 comm="syz-executor464" path="/root/syz-executor464572241" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   58.534063] netlink: 124 bytes leftover after parsing attributes in process `syz-executor464'.
[   58.556703] audit: type=1400 audit(1580770493.776:37): avc:  denied  { create } for  pid=8312 comm="syz-executor464" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[   58.566258] ==================================================================
[   58.589956] audit: type=1400 audit(1580770493.776:38): avc:  denied  { write } for  pid=8312 comm="syz-executor464" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[   58.596850] BUG: KASAN: global-out-of-bounds in nfnetlink_parse_nat_setup+0x436/0x450
[   58.596863] Read of size 8 at addr ffffffff884faaf8 by task syz-executor464/8312
[   58.596866] 
[   58.596879] CPU: 0 PID: 8312 Comm: syz-executor464 Not tainted 4.19.101-syzkaller #0
[   58.596886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.596891] Call Trace:
[   58.596910]  dump_stack+0x197/0x210
[   58.596925]  ? nfnetlink_parse_nat_setup+0x436/0x450
[   58.596946]  print_address_description.cold+0x5/0x20d
[   58.676571]  ? nfnetlink_parse_nat_setup+0x436/0x450
[   58.681665]  kasan_report.cold+0x8c/0x2ba
[   58.685809]  __asan_report_load8_noabort+0x14/0x20
[   58.690786]  nfnetlink_parse_nat_setup+0x436/0x450
[   58.695948]  ? nf_nat_inet_fn+0x8b0/0x8b0
[   58.700155]  ctnetlink_parse_nat_setup+0xc5/0x660
[   58.705022]  ctnetlink_create_conntrack+0x4ea/0x1300
[   58.710121]  ? ctnetlink_dump_table+0x12e0/0x12e0
[   58.714962]  ? __nf_conntrack_confirm+0x31e0/0x31e0
[   58.720072]  ctnetlink_new_conntrack+0x527/0xe50
[   58.725267]  ? ctnetlink_create_conntrack+0x1300/0x1300
[   58.730633]  ? find_held_lock+0x35/0x130
[   58.734701]  ? ctnetlink_create_conntrack+0x1300/0x1300
[   58.740076]  nfnetlink_rcv_msg+0xd0d/0xfcf
[   58.744320]  ? nfnetlink_bind+0x2c0/0x2c0
[   58.748477]  ? avc_has_extended_perms+0x10f0/0x10f0
[   58.753484]  ? __save_stack_trace+0x99/0x100
[   58.757892]  ? selinux_ipv4_output+0x50/0x50
[   58.762312]  ? netlink_sendmsg+0x97b/0xd70
[   58.766541]  ? mark_held_locks+0x100/0x100
[   58.770785]  netlink_rcv_skb+0x17d/0x460
[   58.774844]  ? nfnetlink_bind+0x2c0/0x2c0
[   58.778983]  ? netlink_ack+0xb30/0xb30
[   58.783030]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   58.788561]  ? ns_capable_common+0x93/0x100
[   58.792883]  ? ns_capable+0x20/0x30
[   58.796501]  ? __netlink_ns_capable+0x104/0x140
[   58.801160]  nfnetlink_rcv+0x1c0/0x460
[   58.805034]  ? nfnetlink_rcv_batch+0x1750/0x1750
[   58.809789]  ? netlink_deliver_tap+0x254/0xc20
[   58.814366]  ? kasan_check_write+0x14/0x20
[   58.818611]  netlink_unicast+0x53a/0x730
[   58.822666]  ? netlink_attachskb+0x770/0x770
[   58.827069]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   58.832597]  netlink_sendmsg+0x8ae/0xd70
[   58.836661]  ? netlink_unicast+0x730/0x730
[   58.840900]  ? selinux_socket_sendmsg+0x36/0x40
[   58.845573]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   58.851095]  ? security_socket_sendmsg+0x8d/0xc0
[   58.855915]  ? netlink_unicast+0x730/0x730
[   58.860243]  sock_sendmsg+0xd7/0x130
[   58.863976]  ___sys_sendmsg+0x803/0x920
[   58.867961]  ? copy_msghdr_from_user+0x430/0x430
[   58.872960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   58.878531]  ? __handle_mm_fault+0x7d1/0x3f80
[   58.883026]  ? copy_page_range+0x2030/0x2030
[   58.887462]  ? __do_page_fault+0x676/0xe90
[   58.891701]  ? find_held_lock+0x35/0x130
[   58.895786]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   58.901385]  ? __fget_light+0x1a9/0x230
[   58.905364]  ? __fdget+0x1b/0x20
[   58.908722]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   58.914282]  __sys_sendmsg+0x105/0x1d0
[   58.918179]  ? __ia32_sys_shutdown+0x80/0x80
[   58.922601]  ? up_read+0x1a/0x110
[   58.926046]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   58.930791]  ? do_syscall_64+0x26/0x620
[   58.934874]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   58.940229]  ? do_syscall_64+0x26/0x620
[   58.944198]  __x64_sys_sendmsg+0x78/0xb0
[   58.948245]  do_syscall_64+0xfd/0x620
[   58.952037]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   58.957304] RIP: 0033:0x4401a9
[   58.960510] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   58.979754] RSP: 002b:00007ffd12dfb4f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   58.987457] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401a9
[   58.994730] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[   59.002036] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   59.009302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a30
[   59.016579] R13: 0000000000401ac0 R14: 0000000000000000 R15: 0000000000000000
[   59.023860] 
[   59.025492] The buggy address belongs to the variable:
[   59.030780]  nft_immediate_policy+0x138/0x140
[   59.035256] 
[   59.036889] Memory state around the buggy address:
[   59.041840]  ffffffff884fa980: 00 fa fa fa fa fa fa fa 00 00 00 00 00 00 fa fa
[   59.049288]  ffffffff884faa00: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[   59.056644] >ffffffff884faa80: 00 00 00 00 fa fa fa fa 04 fa fa fa fa fa fa fa
[   59.063991]                                                                 ^
[   59.071249]  ffffffff884fab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
[   59.078718]  ffffffff884fab80: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[   59.086070] ==================================================================
[   59.093434] Disabling lock debugging due to kernel taint
[   59.100001] Kernel panic - not syncing: panic_on_warn set ...
[   59.100001] 
[   59.107398] CPU: 0 PID: 8312 Comm: syz-executor464 Tainted: G    B             4.19.101-syzkaller #0
[   59.116828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   59.126167] Call Trace:
[   59.128746]  dump_stack+0x197/0x210
[   59.132362]  ? nfnetlink_parse_nat_setup+0x436/0x450
[   59.137454]  panic+0x26a/0x50e
[   59.140643]  ? __warn_printk+0xf3/0xf3
[   59.144513]  ? nfnetlink_parse_nat_setup+0x436/0x450
[   59.149629]  ? preempt_schedule+0x4b/0x60
[   59.153792]  ? ___preempt_schedule+0x16/0x18
[   59.158237]  ? trace_hardirqs_on+0x5e/0x220
[   59.162553]  ? nfnetlink_parse_nat_setup+0x436/0x450
[   59.167664]  kasan_end_report+0x47/0x4f
[   59.171651]  kasan_report.cold+0xa9/0x2ba
[   59.175800]  __asan_report_load8_noabort+0x14/0x20
[   59.180721]  nfnetlink_parse_nat_setup+0x436/0x450
[   59.185672]  ? nf_nat_inet_fn+0x8b0/0x8b0
[   59.189968]  ctnetlink_parse_nat_setup+0xc5/0x660
[   59.194806]  ctnetlink_create_conntrack+0x4ea/0x1300
[   59.200014]  ? ctnetlink_dump_table+0x12e0/0x12e0
[   59.204847]  ? __nf_conntrack_confirm+0x31e0/0x31e0
[   59.209853]  ctnetlink_new_conntrack+0x527/0xe50
[   59.214601]  ? ctnetlink_create_conntrack+0x1300/0x1300
[   59.219972]  ? find_held_lock+0x35/0x130
[   59.224073]  ? ctnetlink_create_conntrack+0x1300/0x1300
[   59.229448]  nfnetlink_rcv_msg+0xd0d/0xfcf
[   59.234462]  ? nfnetlink_bind+0x2c0/0x2c0
[   59.238858]  ? avc_has_extended_perms+0x10f0/0x10f0
[   59.243862]  ? __save_stack_trace+0x99/0x100
[   59.248320]  ? selinux_ipv4_output+0x50/0x50
[   59.252730]  ? netlink_sendmsg+0x97b/0xd70
[   59.256959]  ? mark_held_locks+0x100/0x100
[   59.261177]  netlink_rcv_skb+0x17d/0x460
[   59.265224]  ? nfnetlink_bind+0x2c0/0x2c0
[   59.269374]  ? netlink_ack+0xb30/0xb30
[   59.273249]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.278813]  ? ns_capable_common+0x93/0x100
[   59.283141]  ? ns_capable+0x20/0x30
[   59.286759]  ? __netlink_ns_capable+0x104/0x140
[   59.291435]  nfnetlink_rcv+0x1c0/0x460
[   59.295314]  ? nfnetlink_rcv_batch+0x1750/0x1750
[   59.300054]  ? netlink_deliver_tap+0x254/0xc20
[   59.304662]  ? kasan_check_write+0x14/0x20
[   59.308886]  netlink_unicast+0x53a/0x730
[   59.313083]  ? netlink_attachskb+0x770/0x770
[   59.317494]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.323051]  netlink_sendmsg+0x8ae/0xd70
[   59.327100]  ? netlink_unicast+0x730/0x730
[   59.331322]  ? selinux_socket_sendmsg+0x36/0x40
[   59.335982]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.342121]  ? security_socket_sendmsg+0x8d/0xc0
[   59.346876]  ? netlink_unicast+0x730/0x730
[   59.351106]  sock_sendmsg+0xd7/0x130
[   59.354809]  ___sys_sendmsg+0x803/0x920
[   59.358772]  ? copy_msghdr_from_user+0x430/0x430
[   59.363543]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.369090]  ? __handle_mm_fault+0x7d1/0x3f80
[   59.374554]  ? copy_page_range+0x2030/0x2030
[   59.378954]  ? __do_page_fault+0x676/0xe90
[   59.383187]  ? find_held_lock+0x35/0x130
[   59.387236]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.392760]  ? __fget_light+0x1a9/0x230
[   59.396718]  ? __fdget+0x1b/0x20
[   59.400115]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   59.405657]  __sys_sendmsg+0x105/0x1d0
[   59.409581]  ? __ia32_sys_shutdown+0x80/0x80
[   59.414002]  ? up_read+0x1a/0x110
[   59.417458]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   59.422224]  ? do_syscall_64+0x26/0x620
[   59.426240]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   59.431720]  ? do_syscall_64+0x26/0x620
[   59.435716]  __x64_sys_sendmsg+0x78/0xb0
[   59.440145]  do_syscall_64+0xfd/0x620
[   59.443992]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   59.449177] RIP: 0033:0x4401a9
[   59.452362] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   59.471261] RSP: 002b:00007ffd12dfb4f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   59.478969] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401a9
[   59.486232] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[   59.493569] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   59.501043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a30
[   59.509153] R13: 0000000000401ac0 R14: 0000000000000000 R15: 0000000000000000
[   59.518066] Kernel Offset: disabled
[   59.521764] Rebooting in 86400 seconds..