[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.76' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   31.994532] audit: type=1400 audit(1591447222.218:8): avc:  denied  { execmem } for  pid=6335 comm="syz-executor019" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   32.043940] netlink: 20 bytes leftover after parsing attributes in process `syz-executor019'.
[   32.053120] ==================================================================
[   32.060594] BUG: KASAN: global-out-of-bounds in nfnetlink_parse_nat_setup+0x373/0x380
[   32.068727] Read of size 8 at addr ffffffff871c7398 by task syz-executor019/6337
[   32.076238] 
[   32.077843] CPU: 0 PID: 6337 Comm: syz-executor019 Not tainted 4.14.183-syzkaller #0
[   32.085803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.095307] Call Trace:
[   32.097892]  dump_stack+0x1b2/0x283
[   32.101513]  ? nfnetlink_parse_nat_setup+0x373/0x380
[   32.106594]  print_address_description.cold+0x5/0x1dc
[   32.111809]  ? nfnetlink_parse_nat_setup+0x373/0x380
[   32.116900]  kasan_report.cold+0xa9/0x2b9
[   32.121040]  nfnetlink_parse_nat_setup+0x373/0x380
[   32.125966]  ? nf_nat_alloc_null_binding+0x40/0x40
[   32.130875]  ? __nf_conntrack_alloc.isra.0+0xa2/0x550
[   32.136062]  ? nf_nat_alloc_null_binding+0x40/0x40
[   32.141079]  ctnetlink_parse_nat_setup+0x70/0x490
[   32.145902]  ctnetlink_create_conntrack+0x477/0x1040
[   32.151432]  ? queue_work_on+0xf7/0x1d0
[   32.155996]  ? ctnetlink_glue_parse+0x440/0x440
[   32.160657]  ? __do_once_done+0x1be/0x240
[   32.164809]  ? hash_conntrack_raw.isra.0+0x2b0/0x3f0
[   32.170002]  ? __nf_ct_refresh_acct+0x240/0x240
[   32.174650]  ctnetlink_new_conntrack+0x45f/0xbf4
[   32.179384]  ? ctnetlink_create_conntrack+0x1040/0x1040
[   32.184728]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[   32.190160]  ? ctnetlink_create_conntrack+0x1040/0x1040
[   32.195498]  nfnetlink_rcv_msg+0x9e1/0xc00
[   32.199733]  netlink_rcv_skb+0x127/0x370
[   32.203775]  ? __lock_acquire+0x563/0x42a0
[   32.207986]  ? nfnetlink_net_exit_batch+0x150/0x150
[   32.212979]  ? netlink_ack+0x970/0x970
[   32.216863]  ? ns_capable_common+0x127/0x150
[   32.221247]  nfnetlink_rcv+0x1ab/0x1650
[   32.225213]  ? trace_hardirqs_on+0x10/0x10
[   32.229436]  ? pipe_to_sendpage+0x226/0x2d0
[   32.233731]  ? __netlink_lookup+0x332/0x5c0
[   32.238028]  ? lock_downgrade+0x6e0/0x6e0
[   32.242150]  ? nfnl_err_del+0x150/0x150
[   32.246097]  ? netlink_seq_start+0x120/0x120
[   32.250479]  ? netlink_deliver_tap+0x90/0x860
[   32.254951]  ? rcu_is_watching+0x11/0xb0
[   32.258987]  ? lock_downgrade+0x6e0/0x6e0
[   32.263135]  netlink_unicast+0x437/0x610
[   32.267171]  ? netlink_sendskb+0x50/0x50
[   32.271209]  netlink_sendmsg+0x64a/0xbb0
[   32.275263]  ? nlmsg_notify+0x160/0x160
[   32.279228]  ? security_socket_sendmsg+0x83/0xb0
[   32.283975]  ? nlmsg_notify+0x160/0x160
[   32.287924]  sock_sendmsg+0xb5/0x100
[   32.291629]  sock_no_sendpage+0xe5/0x110
[   32.295688]  ? sk_clear_memalloc+0x120/0x120
[   32.300099]  ? sk_clear_memalloc+0x120/0x120
[   32.304519]  kernel_sendpage+0x82/0xd0
[   32.308390]  sock_sendpage+0x84/0xa0
[   32.312095]  pipe_to_sendpage+0x226/0x2d0
[   32.316227]  ? kernel_sendpage+0xd0/0xd0
[   32.320280]  ? direct_splice_actor+0x160/0x160
[   32.324860]  ? splice_from_pipe_next.part.0+0x1e4/0x290
[   32.330200]  __splice_from_pipe+0x332/0x740
[   32.334502]  ? direct_splice_actor+0x160/0x160
[   32.339072]  ? direct_splice_actor+0x160/0x160
[   32.343628]  splice_from_pipe+0xc6/0x120
[   32.347665]  ? splice_shrink_spd+0xb0/0xb0
[   32.351879]  ? rw_verify_area+0xe1/0x290
[   32.355934]  ? splice_from_pipe+0x120/0x120
[   32.360229]  SyS_splice+0xca0/0x1230
[   32.363938]  ? lock_downgrade+0x6e0/0x6e0
[   32.368060]  ? compat_SyS_vmsplice+0x150/0x150
[   32.372636]  ? do_syscall_64+0x4c/0x640
[   32.376584]  ? compat_SyS_vmsplice+0x150/0x150
[   32.381154]  do_syscall_64+0x1d5/0x640
[   32.385045]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   32.390227] RIP: 0033:0x445959
[   32.393408] RSP: 002b:00007f50a4df8d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   32.401110] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 0000000000445959
[   32.408441] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[   32.415686] RBP: 00000000006dac50 R08: 000000000004ffe0 R09: 0000000000000000
[   32.423113] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[   32.430360] R13: 00000000004ade28 R14: 0000000000000006 R15: 0000000000000018
[   32.437718] 
[   32.439319] The buggy address belongs to the variable:
[   32.444585]  nft_quota_ops+0xb8/0xc0
[   32.448275] 
[   32.449875] Memory state around the buggy address:
[   32.454790]  ffffffff871c7280: 00 00 00 00 00 00 fa fa fa fa fa fa 00 00 00 00
[   32.462137]  ffffffff871c7300: 00 00 00 00 00 00 00 fa fa fa fa fa 06 fa fa fa
[   32.469482] >ffffffff871c7380: fa fa fa fa 00 00 00 00 00 00 fa fa fa fa fa fa
[   32.476829]                             ^
[   32.480966]  ffffffff871c7400: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
[   32.489288]  ffffffff871c7480: 00 00 00 03 fa fa fa fa 04 fa fa fa fa fa fa fa
[   32.496627] ==================================================================
[   32.503963] Disabling lock debugging due to kernel taint
[   32.519548] Kernel panic - not syncing: panic_on_warn set ...
[   32.519548] 
[   32.526940] CPU: 1 PID: 6337 Comm: syz-executor019 Tainted: G    B           4.14.183-syzkaller #0
[   32.536949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.546307] Call Trace:
[   32.548879]  dump_stack+0x1b2/0x283
[   32.552484]  panic+0x1f9/0x42d
[   32.555723]  ? add_taint.cold+0x16/0x16
[   32.559684]  ? preempt_schedule_common+0x4a/0xc0
[   32.564425]  ? nfnetlink_parse_nat_setup+0x373/0x380
[   32.569505]  ? ___preempt_schedule+0x16/0x18
[   32.573909]  ? nfnetlink_parse_nat_setup+0x373/0x380
[   32.578999]  kasan_end_report+0x43/0x49
[   32.582962]  kasan_report.cold+0x12f/0x2b9
[   32.587186]  nfnetlink_parse_nat_setup+0x373/0x380
[   32.592089]  ? nf_nat_alloc_null_binding+0x40/0x40
[   32.596993]  ? __nf_conntrack_alloc.isra.0+0xa2/0x550
[   32.602155]  ? nf_nat_alloc_null_binding+0x40/0x40
[   32.607058]  ctnetlink_parse_nat_setup+0x70/0x490
[   32.611891]  ctnetlink_create_conntrack+0x477/0x1040
[   32.616967]  ? queue_work_on+0xf7/0x1d0
[   32.620915]  ? ctnetlink_glue_parse+0x440/0x440
[   32.625578]  ? __do_once_done+0x1be/0x240
[   32.629708]  ? hash_conntrack_raw.isra.0+0x2b0/0x3f0
[   32.634796]  ? __nf_ct_refresh_acct+0x240/0x240
[   32.639443]  ctnetlink_new_conntrack+0x45f/0xbf4
[   32.644188]  ? ctnetlink_create_conntrack+0x1040/0x1040
[   32.649547]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[   32.654990]  ? ctnetlink_create_conntrack+0x1040/0x1040
[   32.660332]  nfnetlink_rcv_msg+0x9e1/0xc00
[   32.664549]  netlink_rcv_skb+0x127/0x370
[   32.668595]  ? __lock_acquire+0x563/0x42a0
[   32.672802]  ? nfnetlink_net_exit_batch+0x150/0x150
[   32.677844]  ? netlink_ack+0x970/0x970
[   32.681716]  ? ns_capable_common+0x127/0x150
[   32.686105]  nfnetlink_rcv+0x1ab/0x1650
[   32.690062]  ? trace_hardirqs_on+0x10/0x10
[   32.694292]  ? pipe_to_sendpage+0x226/0x2d0
[   32.698605]  ? __netlink_lookup+0x332/0x5c0
[   32.702903]  ? lock_downgrade+0x6e0/0x6e0
[   32.707043]  ? nfnl_err_del+0x150/0x150
[   32.711125]  ? netlink_seq_start+0x120/0x120
[   32.715509]  ? netlink_deliver_tap+0x90/0x860
[   32.719983]  ? rcu_is_watching+0x11/0xb0
[   32.724021]  ? lock_downgrade+0x6e0/0x6e0
[   32.728215]  netlink_unicast+0x437/0x610
[   32.732371]  ? netlink_sendskb+0x50/0x50
[   32.736433]  netlink_sendmsg+0x64a/0xbb0
[   32.740498]  ? nlmsg_notify+0x160/0x160
[   32.744465]  ? security_socket_sendmsg+0x83/0xb0
[   32.749306]  ? nlmsg_notify+0x160/0x160
[   32.753347]  sock_sendmsg+0xb5/0x100
[   32.757054]  sock_no_sendpage+0xe5/0x110
[   32.761091]  ? sk_clear_memalloc+0x120/0x120
[   32.765490]  ? sk_clear_memalloc+0x120/0x120
[   32.769885]  kernel_sendpage+0x82/0xd0
[   32.773747]  sock_sendpage+0x84/0xa0
[   32.777434]  pipe_to_sendpage+0x226/0x2d0
[   32.781554]  ? kernel_sendpage+0xd0/0xd0
[   32.785589]  ? direct_splice_actor+0x160/0x160
[   32.790158]  ? splice_from_pipe_next.part.0+0x1e4/0x290
[   32.795508]  __splice_from_pipe+0x332/0x740
[   32.799803]  ? direct_splice_actor+0x160/0x160
[   32.804359]  ? direct_splice_actor+0x160/0x160
[   32.808930]  splice_from_pipe+0xc6/0x120
[   32.812983]  ? splice_shrink_spd+0xb0/0xb0
[   32.817192]  ? rw_verify_area+0xe1/0x290
[   32.821226]  ? splice_from_pipe+0x120/0x120
[   32.825518]  SyS_splice+0xca0/0x1230
[   32.829209]  ? lock_downgrade+0x6e0/0x6e0
[   32.833333]  ? compat_SyS_vmsplice+0x150/0x150
[   32.837901]  ? do_syscall_64+0x4c/0x640
[   32.841849]  ? compat_SyS_vmsplice+0x150/0x150
[   32.846411]  do_syscall_64+0x1d5/0x640
[   32.850275]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   32.855481] RIP: 0033:0x445959
[   32.858658] RSP: 002b:00007f50a4df8d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   32.866338] RAX: ffffffffffffffda RBX: 00000000006dac58 RCX: 0000000000445959
[   32.873594] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[   32.880840] RBP: 00000000006dac50 R08: 000000000004ffe0 R09: 0000000000000000
[   32.888093] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[   32.895346] R13: 00000000004ade28 R14: 0000000000000006 R15: 0000000000000018
[   32.904126] Kernel Offset: disabled
[   32.907743] Rebooting in 86400 seconds..