[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 39.348398] audit: type=1400 audit(1597533515.324:8): avc: denied { execmem } for pid=6477 comm="syz-executor048" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 39.351088] ==================================================================
[ 39.375838] BUG: KASAN: global-out-of-bounds in nfnetlink_parse_nat_setup+0x5ed/0x640
[ 39.383987] Read of size 8 at addr ffffffff8830e5d8 by task syz-executor048/6477
[ 39.391502]
[ 39.393116] CPU: 1 PID: 6477 Comm: syz-executor048 Not tainted 4.19.139-syzkaller #0
[ 39.400983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.410316] Call Trace:
[ 39.413017] dump_stack+0x1fc/0x2fe
[ 39.416626] print_address_description.cold+0x5/0x219
[ 39.421806] kasan_report_error.cold+0x8a/0x1c7
[ 39.426509] ? nfnetlink_parse_nat_setup+0x5ed/0x640
[ 39.431587] __asan_report_load8_noabort+0x88/0x90
[ 39.436496] ? nfnetlink_parse_nat_setup+0x5ed/0x640
[ 39.441576] nfnetlink_parse_nat_setup+0x5ed/0x640
[ 39.446485] ? nf_nat_inet_fn+0xb00/0xb00
[ 39.450649] ctnetlink_parse_nat_setup+0xb6/0x640
[ 39.455471] ctnetlink_create_conntrack+0x4bb/0x12c0
[ 39.460553] ? ctnetlink_change_synproxy.isra.0+0x380/0x380
[ 39.466243] ? hash_conntrack_raw+0x2d6/0x460
[ 39.470722] ? nf_ct_get_tuplepr+0x310/0x310
[ 39.475110] ? nf_ct_gc_expired+0x300/0x300
[ 39.479416] ? nfnetlink_rcv_msg+0x98d/0xf60
[ 39.483807] ctnetlink_new_conntrack+0x4f3/0xde0
[ 39.488545] ? ctnetlink_create_conntrack+0x12c0/0x12c0
[ 39.494012] ? nfnetlink_rcv_msg+0x98d/0xf60
[ 39.498402] ? nfnetlink_rcv_msg+0x95a/0xf60
[ 39.502795] ? ctnetlink_create_conntrack+0x12c0/0x12c0
[ 39.508353] nfnetlink_rcv_msg+0xc4f/0xf60
[ 39.512620] ? nfnetlink_net_exit_batch+0x150/0x150
[ 39.517628] ? __lock_acquire+0x6de/0x3ff0
[ 39.521855] ? cred_has_capability.isra.0+0x139/0x2b0
[ 39.527023] ? cred_has_capability.isra.0+0x1b0/0x2b0
[ 39.532201] ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[ 39.537228] ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[ 39.542136] netlink_rcv_skb+0x160/0x440
[ 39.546230] ? nfnetlink_net_exit_batch+0x150/0x150
[ 39.551225] ? netlink_ack+0xae0/0xae0
[ 39.555095] ? ns_capable+0xde/0x100
[ 39.558794] nfnetlink_rcv+0x1b2/0x41b
[ 39.562661] ? nfnetlink_rcv_batch+0x1df0/0x1df0
[ 39.567403] netlink_unicast+0x4d5/0x690
[ 39.571443] ? netlink_sendskb+0x110/0x110
[ 39.575662] netlink_sendmsg+0x6bb/0xc40
[ 39.579748] ? nlmsg_notify+0x1a0/0x1a0
[ 39.583702] ? kernel_recvmsg+0x220/0x220
[ 39.587834] ? nlmsg_notify+0x1a0/0x1a0
[ 39.591783] sock_sendmsg+0xc3/0x120
[ 39.595475] ___sys_sendmsg+0x7bb/0x8e0
[ 39.599431] ? copy_msghdr_from_user+0x440/0x440
[ 39.604164] ? do_huge_pmd_anonymous_page+0x939/0x1cc0
[ 39.609423] ? prep_transhuge_page+0xa0/0xa0
[ 39.613808] ? check_preemption_disabled+0x41/0x280
[ 39.618800] ? mark_held_locks+0xf0/0xf0
[ 39.622840] ? __handle_mm_fault+0xf34/0x41c0
[ 39.627339] ? errseq_sample+0x56/0x70
[ 39.631216] ? vm_insert_page+0x9c0/0x9c0
[ 39.635355] ? __do_page_fault+0x71b/0xde0
[ 39.639567] ? __fdget+0x1a0/0x230
[ 39.643086] __x64_sys_sendmsg+0x132/0x220
[ 39.647301] ? __sys_sendmsg+0x1b0/0x1b0
[ 39.651349] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 39.656082] ? trace_hardirqs_off_caller+0x69/0x210
[ 39.661077] ? do_syscall_64+0x21/0x620
[ 39.665033] do_syscall_64+0xf9/0x620
[ 39.668820] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.673985] RIP: 0033:0x440359
[ 39.677157] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 39.696037] RSP: 002b:00007ffe4e1557d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 39.703734] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440359
[ 39.710997] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 39.718247] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 39.725513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b60
[ 39.732774] R13: 0000000000401bf0 R14: 0000000000000000 R15: 0000000000000000
[ 39.740044]
[ 39.741666] The buggy address belongs to the variable:
[ 39.746961] nft_flow_offload_policy+0x38/0x100
[ 39.751600]
[ 39.753204] Memory state around the buggy address:
[ 39.758110] ffffffff8830e480: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
[ 39.765447] ffffffff8830e500: 00 00 00 00 00 fa fa fa fa fa fa fa 00 05 fa fa
[ 39.772787] >ffffffff8830e580: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 07 fa
[ 39.780142]                                                     ^
[ 39.786355] ffffffff8830e600: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 00 00
[ 39.793691] ffffffff8830e680: fa fa fa fa 00 00 00 00 00 00 fa fa fa fa fa fa
[ 39.801025] ==================================================================
[ 39.808356] Disabling lock debugging due to kernel taint
[ 39.814379] Kernel panic - not syncing: panic_on_warn set ...
[ 39.814379]
[ 39.821840] CPU: 1 PID: 6477 Comm: syz-executor048 Tainted: G B 4.19.139-syzkaller #0
[ 39.831107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.840459] Call Trace:
[ 39.843049] dump_stack+0x1fc/0x2fe
[ 39.846667] panic+0x26a/0x50e
[ 39.849836] ? __warn_printk+0xf3/0xf3
[ 39.853699] ? preempt_schedule_common+0x45/0xc0
[ 39.858433] ? ___preempt_schedule+0x16/0x18
[ 39.862816] ? trace_hardirqs_on+0x55/0x210
[ 39.867116] kasan_end_report+0x43/0x49
[ 39.871065] kasan_report_error.cold+0xa7/0x1c7
[ 39.875712] ? nfnetlink_parse_nat_setup+0x5ed/0x640
[ 39.880789] __asan_report_load8_noabort+0x88/0x90
[ 39.885696] ? nfnetlink_parse_nat_setup+0x5ed/0x640
[ 39.890776] nfnetlink_parse_nat_setup+0x5ed/0x640
[ 39.895683] ? nf_nat_inet_fn+0xb00/0xb00
[ 39.899813] ctnetlink_parse_nat_setup+0xb6/0x640
[ 39.904653] ctnetlink_create_conntrack+0x4bb/0x12c0
[ 39.909733] ? ctnetlink_change_synproxy.isra.0+0x380/0x380
[ 39.915420] ? hash_conntrack_raw+0x2d6/0x460
[ 39.919890] ? nf_ct_get_tuplepr+0x310/0x310
[ 39.924275] ? nf_ct_gc_expired+0x300/0x300
[ 39.928574] ? nfnetlink_rcv_msg+0x98d/0xf60
[ 39.932977] ctnetlink_new_conntrack+0x4f3/0xde0
[ 39.937730] ? ctnetlink_create_conntrack+0x12c0/0x12c0
[ 39.943096] ? nfnetlink_rcv_msg+0x98d/0xf60
[ 39.947501] ? nfnetlink_rcv_msg+0x95a/0xf60
[ 39.951891] ? ctnetlink_create_conntrack+0x12c0/0x12c0
[ 39.957232] nfnetlink_rcv_msg+0xc4f/0xf60
[ 39.961447] ? nfnetlink_net_exit_batch+0x150/0x150
[ 39.966449] ? __lock_acquire+0x6de/0x3ff0
[ 39.970661] ? cred_has_capability.isra.0+0x139/0x2b0
[ 39.975946] ? cred_has_capability.isra.0+0x1b0/0x2b0
[ 39.981113] ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[ 39.986016] ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[ 39.990939] netlink_rcv_skb+0x160/0x440
[ 39.994979] ? nfnetlink_net_exit_batch+0x150/0x150
[ 39.999970] ? netlink_ack+0xae0/0xae0
[ 40.003835] ? ns_capable+0xde/0x100
[ 40.007527] nfnetlink_rcv+0x1b2/0x41b
[ 40.011412] ? nfnetlink_rcv_batch+0x1df0/0x1df0
[ 40.016146] netlink_unicast+0x4d5/0x690
[ 40.020197] ? netlink_sendskb+0x110/0x110
[ 40.024425] netlink_sendmsg+0x6bb/0xc40
[ 40.028465] ? nlmsg_notify+0x1a0/0x1a0
[ 40.032415] ? kernel_recvmsg+0x220/0x220
[ 40.036542] ? nlmsg_notify+0x1a0/0x1a0
[ 40.040508] sock_sendmsg+0xc3/0x120
[ 40.044205] ___sys_sendmsg+0x7bb/0x8e0
[ 40.048239] ? copy_msghdr_from_user+0x440/0x440
[ 40.052981] ? do_huge_pmd_anonymous_page+0x939/0x1cc0
[ 40.058249] ? prep_transhuge_page+0xa0/0xa0
[ 40.062639] ? check_preemption_disabled+0x41/0x280
[ 40.067635] ? mark_held_locks+0xf0/0xf0
[ 40.071674] ? __handle_mm_fault+0xf34/0x41c0
[ 40.076146] ? errseq_sample+0x56/0x70
[ 40.080010] ? vm_insert_page+0x9c0/0x9c0
[ 40.084148] ? __do_page_fault+0x71b/0xde0
[ 40.088392] ? __fdget+0x1a0/0x230
[ 40.092022] __x64_sys_sendmsg+0x132/0x220
[ 40.096254] ? __sys_sendmsg+0x1b0/0x1b0
[ 40.100301] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.105081] ? trace_hardirqs_off_caller+0x69/0x210
[ 40.110075] ? do_syscall_64+0x21/0x620
[ 40.114034] do_syscall_64+0xf9/0x620
[ 40.117812] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.122977] RIP: 0033:0x440359
[ 40.126146] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 40.145062] RSP: 002b:00007ffe4e1557d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 40.152746] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440359
[ 40.159992] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 40.167239] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 40.174486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b60
[ 40.181748] R13: 0000000000401bf0 R14: 0000000000000000 R15: 0000000000000000
[ 40.190193] Kernel Offset: disabled
[ 40.193811] Rebooting in 86400 seconds..