ell server: sshd [ ok ].
[   35.449349] audit: type=1800 audit(1583618697.558:34): pid=7231 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   39.940339] random: sshd: uninitialized urandom read (32 bytes read)
[   40.241399] audit: type=1400 audit(1583618702.398:35): avc:  denied  { map } for  pid=7405 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   40.293155] random: sshd: uninitialized urandom read (32 bytes read)
[   41.017541] random: sshd: uninitialized urandom read (32 bytes read)
[   41.212545] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts.
[   46.739703] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   46.867648] audit: type=1400 audit(1583618709.018:36): avc:  denied  { map } for  pid=7417 comm="syz-executor585" path="/root/syz-executor585694863" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   46.894152] ==================================================================
[   46.894623] audit: type=1400 audit(1583618709.028:37): avc:  denied  { create } for  pid=7417 comm="syz-executor585" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[   46.901619] BUG: KASAN: stack-out-of-bounds in nft_range_dump+0x1ab/0x1d0
[   46.901626] Read of size 1 at addr ffff888086b172c8 by task syz-executor585/7417
[   46.901628] 
[   46.901636] CPU: 0 PID: 7417 Comm: syz-executor585 Not tainted 4.14.172-syzkaller #0
[   46.901640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.901643] Call Trace:
[   46.901655]  dump_stack+0x13e/0x194
[   46.901663]  ? nft_range_dump+0x1ab/0x1d0
[   46.901674]  print_address_description.cold+0x7c/0x1e2
[   46.901682]  ? nft_range_dump+0x1ab/0x1d0
[   46.901689]  kasan_report.cold+0xa9/0x2ae
[   46.901699]  nft_range_dump+0x1ab/0x1d0
[   46.901707]  ? nft_cmp_init+0x230/0x230
[   46.901718]  nfnetlink_parse_nat_setup+0x1e0/0x370
[   46.901729]  ? nf_nat_alloc_null_binding+0x40/0x40
[   46.901747]  ? nf_nat_alloc_null_binding+0x40/0x40
[   46.901757]  ctnetlink_parse_nat_setup+0x70/0x490
[   46.927054] audit: type=1400 audit(1583618709.028:38): avc:  denied  { write } for  pid=7417 comm="syz-executor585" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[   46.933565]  ctnetlink_create_conntrack+0x477/0x1040
[   46.933574]  ? ctnetlink_del_conntrack+0x5a0/0x5a0
[   46.933585]  ? __do_once_done+0x1be/0x240
[   47.049759]  ? hash_conntrack_raw+0x2ab/0x410
[   47.054241]  ? nf_ct_get_id+0x160/0x160
[   47.058213]  ctnetlink_new_conntrack+0x460/0xc30
[   47.063135]  ? ctnetlink_create_conntrack+0x1040/0x1040
[   47.068491]  ? mutex_trylock+0x1a0/0x1a0
[   47.072542]  ? ctnetlink_create_conntrack+0x1040/0x1040
[   47.077883]  nfnetlink_rcv_msg+0xa08/0xc00
[   47.082120]  ? __kernel_text_address+0x9/0x30
[   47.086598]  netlink_rcv_skb+0x127/0x370
[   47.090638]  ? __lock_acquire+0x513/0x4620
[   47.094866]  ? nfnetlink_bind+0x240/0x240
[   47.098991]  ? netlink_ack+0x960/0x960
[   47.102857]  ? ns_capable_common+0x127/0x150
[   47.107269]  nfnetlink_rcv+0x1ab/0x1650
[   47.111263]  ? find_held_lock+0x2d/0x110
[   47.115329]  ? __netlink_lookup+0x2de/0x590
[   47.119636]  ? save_trace+0x290/0x290
[   47.123438]  ? save_trace+0x290/0x290
[   47.127223]  ? nfnl_err_del+0x150/0x150
[   47.131178]  ? find_held_lock+0x2d/0x110
[   47.135227]  ? netlink_deliver_tap+0x90/0x860
[   47.139770]  ? rcu_is_watching+0x11/0xb0
[   47.143873]  ? lock_downgrade+0x6e0/0x6e0
[   47.148008]  netlink_unicast+0x437/0x620
[   47.152055]  ? netlink_attachskb+0x600/0x600
[   47.156464]  netlink_sendmsg+0x733/0xbe0
[   47.160523]  ? netlink_unicast+0x620/0x620
[   47.164793]  ? SYSC_sendto+0x2b0/0x2b0
[   47.168671]  ? security_socket_sendmsg+0x83/0xb0
[   47.173424]  ? netlink_unicast+0x620/0x620
[   47.177654]  sock_sendmsg+0xc5/0x100
[   47.181350]  ___sys_sendmsg+0x70a/0x840
[   47.185307]  ? copy_msghdr_from_user+0x380/0x380
[   47.190061]  ? trace_hardirqs_on+0x10/0x10
[   47.194278]  ? save_trace+0x290/0x290
[   47.198413]  ? selinux_file_alloc_security+0xaf/0x190
[   47.203587]  ? __lock_is_held+0xad/0x140
[   47.207626]  ? lock_downgrade+0x6e0/0x6e0
[   47.211767]  ? __fget_light+0x16a/0x1f0
[   47.215726]  ? sockfd_lookup_light+0xb2/0x160
[   47.220201]  __sys_sendmsg+0xa3/0x120
[   47.223981]  ? SyS_shutdown+0x160/0x160
[   47.227935]  ? move_addr_to_kernel+0x60/0x60
[   47.232330]  ? __do_page_fault+0x35b/0xb40
[   47.236546]  SyS_sendmsg+0x27/0x40
[   47.240064]  ? __sys_sendmsg+0x120/0x120
[   47.244105]  do_syscall_64+0x1d5/0x640
[   47.247984]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   47.253153] RIP: 0033:0x440239
[   47.256334] RSP: 002b:00007fff1b318b88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   47.264044] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440239
[   47.271424] RDX: 0000000000000000 RSI: 0000000020000640 RDI: 0000000000000003
[   47.278747] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   47.286004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ac0
[   47.293273] R13: 0000000000401b50 R14: 0000000000000000 R15: 0000000000000000
[   47.300666] 
[   47.302276] The buggy address belongs to the page:
[   47.307188] page:ffffea00021ac5c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   47.315335] flags: 0xfffe0000000000()
[   47.319118] raw: 00fffe0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   47.326995] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[   47.334863] page dumped because: kasan: bad access detected
[   47.340553] 
[   47.342186] Memory state around the buggy address:
[   47.347108]  ffff888086b17180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   47.354447]  ffff888086b17200: 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00
[   47.361783] >ffff888086b17280: f1 f1 f1 f1 00 00 00 00 00 f2 f2 f2 f2 f2 00 00
[   47.369132]                                               ^
[   47.374825]  ffff888086b17300: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[   47.383042]  ffff888086b17380: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f2
[   47.390410] ==================================================================
[   47.397779] Disabling lock debugging due to kernel taint
[   47.404284] Kernel panic - not syncing: panic_on_warn set ...
[   47.404284] 
[   47.411667] CPU: 0 PID: 7417 Comm: syz-executor585 Tainted: G    B           4.14.172-syzkaller #0
[   47.420741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   47.430073] Call Trace:
[   47.432644]  dump_stack+0x13e/0x194
[   47.436269]  panic+0x1f9/0x42d
[   47.439436]  ? add_taint.cold+0x16/0x16
[   47.443409]  ? preempt_schedule_common+0x4a/0xc0
[   47.448156]  ? nft_range_dump+0x1ab/0x1d0
[   47.452284]  ? ___preempt_schedule+0x16/0x18
[   47.456670]  ? nft_range_dump+0x1ab/0x1d0
[   47.460810]  kasan_end_report+0x43/0x49
[   47.464782]  kasan_report.cold+0x12f/0x2ae
[   47.469063]  nft_range_dump+0x1ab/0x1d0
[   47.473049]  ? nft_cmp_init+0x230/0x230
[   47.477017]  nfnetlink_parse_nat_setup+0x1e0/0x370
[   47.481942]  ? nf_nat_alloc_null_binding+0x40/0x40
[   47.486863]  ? nf_nat_alloc_null_binding+0x40/0x40
[   47.491792]  ctnetlink_parse_nat_setup+0x70/0x490
[   47.496617]  ctnetlink_create_conntrack+0x477/0x1040
[   47.501715]  ? ctnetlink_del_conntrack+0x5a0/0x5a0
[   47.506630]  ? __do_once_done+0x1be/0x240
[   47.510765]  ? hash_conntrack_raw+0x2ab/0x410
[   47.515234]  ? nf_ct_get_id+0x160/0x160
[   47.519189]  ctnetlink_new_conntrack+0x460/0xc30
[   47.523922]  ? ctnetlink_create_conntrack+0x1040/0x1040
[   47.529275]  ? mutex_trylock+0x1a0/0x1a0
[   47.533327]  ? ctnetlink_create_conntrack+0x1040/0x1040
[   47.538670]  nfnetlink_rcv_msg+0xa08/0xc00
[   47.542886]  ? __kernel_text_address+0x9/0x30
[   47.547362]  netlink_rcv_skb+0x127/0x370
[   47.551413]  ? __lock_acquire+0x513/0x4620
[   47.555623]  ? nfnetlink_bind+0x240/0x240
[   47.559749]  ? netlink_ack+0x960/0x960
[   47.563612]  ? ns_capable_common+0x127/0x150
[   47.568009]  nfnetlink_rcv+0x1ab/0x1650
[   47.571964]  ? find_held_lock+0x2d/0x110
[   47.576001]  ? __netlink_lookup+0x2de/0x590
[   47.580365]  ? save_trace+0x290/0x290
[   47.584147]  ? save_trace+0x290/0x290
[   47.587971]  ? nfnl_err_del+0x150/0x150
[   47.591945]  ? find_held_lock+0x2d/0x110
[   47.595994]  ? netlink_deliver_tap+0x90/0x860
[   47.600479]  ? rcu_is_watching+0x11/0xb0
[   47.604517]  ? lock_downgrade+0x6e0/0x6e0
[   47.608645]  netlink_unicast+0x437/0x620
[   47.612685]  ? netlink_attachskb+0x600/0x600
[   47.617072]  netlink_sendmsg+0x733/0xbe0
[   47.621108]  ? netlink_unicast+0x620/0x620
[   47.625318]  ? SYSC_sendto+0x2b0/0x2b0
[   47.629184]  ? security_socket_sendmsg+0x83/0xb0
[   47.633928]  ? netlink_unicast+0x620/0x620
[   47.638140]  sock_sendmsg+0xc5/0x100
[   47.641847]  ___sys_sendmsg+0x70a/0x840
[   47.645797]  ? copy_msghdr_from_user+0x380/0x380
[   47.650532]  ? trace_hardirqs_on+0x10/0x10
[   47.654749]  ? save_trace+0x290/0x290
[   47.658538]  ? selinux_file_alloc_security+0xaf/0x190
[   47.663707]  ? __lock_is_held+0xad/0x140
[   47.667743]  ? lock_downgrade+0x6e0/0x6e0
[   47.671878]  ? __fget_light+0x16a/0x1f0
[   47.675847]  ? sockfd_lookup_light+0xb2/0x160
[   47.680326]  __sys_sendmsg+0xa3/0x120
[   47.684120]  ? SyS_shutdown+0x160/0x160
[   47.688081]  ? move_addr_to_kernel+0x60/0x60
[   47.692492]  ? __do_page_fault+0x35b/0xb40
[   47.696812]  SyS_sendmsg+0x27/0x40
[   47.700346]  ? __sys_sendmsg+0x120/0x120
[   47.704402]  do_syscall_64+0x1d5/0x640
[   47.708274]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   47.713464] RIP: 0033:0x440239
[   47.716644] RSP: 002b:00007fff1b318b88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   47.724345] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440239
[   47.732445] RDX: 0000000000000000 RSI: 0000000020000640 RDI: 0000000000000003
[   47.739746] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   47.747854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ac0
[   47.755223] R13: 0000000000401b50 R14: 0000000000000000 R15: 0000000000000000
[   47.764247] Kernel Offset: disabled
[   47.767900] Rebooting in 86400 seconds..