[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.
[[0;32m  OK  [0m] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   39.348398] audit: type=1400 audit(1597533515.324:8): avc:  denied  { execmem } for  pid=6477 comm="syz-executor048" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   39.351088] ==================================================================
[   39.375838] BUG: KASAN: global-out-of-bounds in nfnetlink_parse_nat_setup+0x5ed/0x640
[   39.383987] Read of size 8 at addr ffffffff8830e5d8 by task syz-executor048/6477
[   39.391502] 
[   39.393116] CPU: 1 PID: 6477 Comm: syz-executor048 Not tainted 4.19.139-syzkaller #0
[   39.400983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.410316] Call Trace:
[   39.413017]  dump_stack+0x1fc/0x2fe
[   39.416626]  print_address_description.cold+0x5/0x219
[   39.421806]  kasan_report_error.cold+0x8a/0x1c7
[   39.426509]  ? nfnetlink_parse_nat_setup+0x5ed/0x640
[   39.431587]  __asan_report_load8_noabort+0x88/0x90
[   39.436496]  ? nfnetlink_parse_nat_setup+0x5ed/0x640
[   39.441576]  nfnetlink_parse_nat_setup+0x5ed/0x640
[   39.446485]  ? nf_nat_inet_fn+0xb00/0xb00
[   39.450649]  ctnetlink_parse_nat_setup+0xb6/0x640
[   39.455471]  ctnetlink_create_conntrack+0x4bb/0x12c0
[   39.460553]  ? ctnetlink_change_synproxy.isra.0+0x380/0x380
[   39.466243]  ? hash_conntrack_raw+0x2d6/0x460
[   39.470722]  ? nf_ct_get_tuplepr+0x310/0x310
[   39.475110]  ? nf_ct_gc_expired+0x300/0x300
[   39.479416]  ? nfnetlink_rcv_msg+0x98d/0xf60
[   39.483807]  ctnetlink_new_conntrack+0x4f3/0xde0
[   39.488545]  ? ctnetlink_create_conntrack+0x12c0/0x12c0
[   39.494012]  ? nfnetlink_rcv_msg+0x98d/0xf60
[   39.498402]  ? nfnetlink_rcv_msg+0x95a/0xf60
[   39.502795]  ? ctnetlink_create_conntrack+0x12c0/0x12c0
[   39.508353]  nfnetlink_rcv_msg+0xc4f/0xf60
[   39.512620]  ? nfnetlink_net_exit_batch+0x150/0x150
[   39.517628]  ? __lock_acquire+0x6de/0x3ff0
[   39.521855]  ? cred_has_capability.isra.0+0x139/0x2b0
[   39.527023]  ? cred_has_capability.isra.0+0x1b0/0x2b0
[   39.532201]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[   39.537228]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[   39.542136]  netlink_rcv_skb+0x160/0x440
[   39.546230]  ? nfnetlink_net_exit_batch+0x150/0x150
[   39.551225]  ? netlink_ack+0xae0/0xae0
[   39.555095]  ? ns_capable+0xde/0x100
[   39.558794]  nfnetlink_rcv+0x1b2/0x41b
[   39.562661]  ? nfnetlink_rcv_batch+0x1df0/0x1df0
[   39.567403]  netlink_unicast+0x4d5/0x690
[   39.571443]  ? netlink_sendskb+0x110/0x110
[   39.575662]  netlink_sendmsg+0x6bb/0xc40
[   39.579748]  ? nlmsg_notify+0x1a0/0x1a0
[   39.583702]  ? kernel_recvmsg+0x220/0x220
[   39.587834]  ? nlmsg_notify+0x1a0/0x1a0
[   39.591783]  sock_sendmsg+0xc3/0x120
[   39.595475]  ___sys_sendmsg+0x7bb/0x8e0
[   39.599431]  ? copy_msghdr_from_user+0x440/0x440
[   39.604164]  ? do_huge_pmd_anonymous_page+0x939/0x1cc0
[   39.609423]  ? prep_transhuge_page+0xa0/0xa0
[   39.613808]  ? check_preemption_disabled+0x41/0x280
[   39.618800]  ? mark_held_locks+0xf0/0xf0
[   39.622840]  ? __handle_mm_fault+0xf34/0x41c0
[   39.627339]  ? errseq_sample+0x56/0x70
[   39.631216]  ? vm_insert_page+0x9c0/0x9c0
[   39.635355]  ? __do_page_fault+0x71b/0xde0
[   39.639567]  ? __fdget+0x1a0/0x230
[   39.643086]  __x64_sys_sendmsg+0x132/0x220
[   39.647301]  ? __sys_sendmsg+0x1b0/0x1b0
[   39.651349]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   39.656082]  ? trace_hardirqs_off_caller+0x69/0x210
[   39.661077]  ? do_syscall_64+0x21/0x620
[   39.665033]  do_syscall_64+0xf9/0x620
[   39.668820]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.673985] RIP: 0033:0x440359
[   39.677157] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   39.696037] RSP: 002b:00007ffe4e1557d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   39.703734] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440359
[   39.710997] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[   39.718247] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   39.725513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b60
[   39.732774] R13: 0000000000401bf0 R14: 0000000000000000 R15: 0000000000000000
[   39.740044] 
[   39.741666] The buggy address belongs to the variable:
[   39.746961]  nft_flow_offload_policy+0x38/0x100
[   39.751600] 
[   39.753204] Memory state around the buggy address:
[   39.758110]  ffffffff8830e480: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
[   39.765447]  ffffffff8830e500: 00 00 00 00 00 fa fa fa fa fa fa fa 00 05 fa fa
[   39.772787] >ffffffff8830e580: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 07 fa
[   39.780142]                                                     ^
[   39.786355]  ffffffff8830e600: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 00 00
[   39.793691]  ffffffff8830e680: fa fa fa fa 00 00 00 00 00 00 fa fa fa fa fa fa
[   39.801025] ==================================================================
[   39.808356] Disabling lock debugging due to kernel taint
[   39.814379] Kernel panic - not syncing: panic_on_warn set ...
[   39.814379] 
[   39.821840] CPU: 1 PID: 6477 Comm: syz-executor048 Tainted: G    B             4.19.139-syzkaller #0
[   39.831107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.840459] Call Trace:
[   39.843049]  dump_stack+0x1fc/0x2fe
[   39.846667]  panic+0x26a/0x50e
[   39.849836]  ? __warn_printk+0xf3/0xf3
[   39.853699]  ? preempt_schedule_common+0x45/0xc0
[   39.858433]  ? ___preempt_schedule+0x16/0x18
[   39.862816]  ? trace_hardirqs_on+0x55/0x210
[   39.867116]  kasan_end_report+0x43/0x49
[   39.871065]  kasan_report_error.cold+0xa7/0x1c7
[   39.875712]  ? nfnetlink_parse_nat_setup+0x5ed/0x640
[   39.880789]  __asan_report_load8_noabort+0x88/0x90
[   39.885696]  ? nfnetlink_parse_nat_setup+0x5ed/0x640
[   39.890776]  nfnetlink_parse_nat_setup+0x5ed/0x640
[   39.895683]  ? nf_nat_inet_fn+0xb00/0xb00
[   39.899813]  ctnetlink_parse_nat_setup+0xb6/0x640
[   39.904653]  ctnetlink_create_conntrack+0x4bb/0x12c0
[   39.909733]  ? ctnetlink_change_synproxy.isra.0+0x380/0x380
[   39.915420]  ? hash_conntrack_raw+0x2d6/0x460
[   39.919890]  ? nf_ct_get_tuplepr+0x310/0x310
[   39.924275]  ? nf_ct_gc_expired+0x300/0x300
[   39.928574]  ? nfnetlink_rcv_msg+0x98d/0xf60
[   39.932977]  ctnetlink_new_conntrack+0x4f3/0xde0
[   39.937730]  ? ctnetlink_create_conntrack+0x12c0/0x12c0
[   39.943096]  ? nfnetlink_rcv_msg+0x98d/0xf60
[   39.947501]  ? nfnetlink_rcv_msg+0x95a/0xf60
[   39.951891]  ? ctnetlink_create_conntrack+0x12c0/0x12c0
[   39.957232]  nfnetlink_rcv_msg+0xc4f/0xf60
[   39.961447]  ? nfnetlink_net_exit_batch+0x150/0x150
[   39.966449]  ? __lock_acquire+0x6de/0x3ff0
[   39.970661]  ? cred_has_capability.isra.0+0x139/0x2b0
[   39.975946]  ? cred_has_capability.isra.0+0x1b0/0x2b0
[   39.981113]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[   39.986016]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[   39.990939]  netlink_rcv_skb+0x160/0x440
[   39.994979]  ? nfnetlink_net_exit_batch+0x150/0x150
[   39.999970]  ? netlink_ack+0xae0/0xae0
[   40.003835]  ? ns_capable+0xde/0x100
[   40.007527]  nfnetlink_rcv+0x1b2/0x41b
[   40.011412]  ? nfnetlink_rcv_batch+0x1df0/0x1df0
[   40.016146]  netlink_unicast+0x4d5/0x690
[   40.020197]  ? netlink_sendskb+0x110/0x110
[   40.024425]  netlink_sendmsg+0x6bb/0xc40
[   40.028465]  ? nlmsg_notify+0x1a0/0x1a0
[   40.032415]  ? kernel_recvmsg+0x220/0x220
[   40.036542]  ? nlmsg_notify+0x1a0/0x1a0
[   40.040508]  sock_sendmsg+0xc3/0x120
[   40.044205]  ___sys_sendmsg+0x7bb/0x8e0
[   40.048239]  ? copy_msghdr_from_user+0x440/0x440
[   40.052981]  ? do_huge_pmd_anonymous_page+0x939/0x1cc0
[   40.058249]  ? prep_transhuge_page+0xa0/0xa0
[   40.062639]  ? check_preemption_disabled+0x41/0x280
[   40.067635]  ? mark_held_locks+0xf0/0xf0
[   40.071674]  ? __handle_mm_fault+0xf34/0x41c0
[   40.076146]  ? errseq_sample+0x56/0x70
[   40.080010]  ? vm_insert_page+0x9c0/0x9c0
[   40.084148]  ? __do_page_fault+0x71b/0xde0
[   40.088392]  ? __fdget+0x1a0/0x230
[   40.092022]  __x64_sys_sendmsg+0x132/0x220
[   40.096254]  ? __sys_sendmsg+0x1b0/0x1b0
[   40.100301]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   40.105081]  ? trace_hardirqs_off_caller+0x69/0x210
[   40.110075]  ? do_syscall_64+0x21/0x620
[   40.114034]  do_syscall_64+0xf9/0x620
[   40.117812]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.122977] RIP: 0033:0x440359
[   40.126146] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   40.145062] RSP: 002b:00007ffe4e1557d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   40.152746] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440359
[   40.159992] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[   40.167239] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   40.174486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b60
[   40.181748] R13: 0000000000401bf0 R14: 0000000000000000 R15: 0000000000000000
[   40.190193] Kernel Offset: disabled
[   40.193811] Rebooting in 86400 seconds..