[   33.912796] audit: type=1800 audit(1583689843.655:33): pid=7158 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   33.939724] audit: type=1800 audit(1583689843.655:34): pid=7158 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   38.181015] random: sshd: uninitialized urandom read (32 bytes read)
[   38.430988] audit: type=1400 audit(1583689848.175:35): avc:  denied  { map } for  pid=7332 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   38.474414] random: sshd: uninitialized urandom read (32 bytes read)
[   39.178098] random: sshd: uninitialized urandom read (32 bytes read)
[   41.733367] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.37' (ECDSA) to the list of known hosts.
[   47.364203] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   47.493858] audit: type=1400 audit(1583689857.235:36): avc:  denied  { map } for  pid=7344 comm="syz-executor611" path="/root/syz-executor611707297" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   47.497004] netlink: 20 bytes leftover after parsing attributes in process `syz-executor611'.
[   47.520229] audit: type=1400 audit(1583689857.235:37): avc:  denied  { create } for  pid=7344 comm="syz-executor611" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[   47.520250] audit: type=1400 audit(1583689857.235:38): avc:  denied  { write } for  pid=7344 comm="syz-executor611" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[   47.578118] ==================================================================
[   47.585534] BUG: KASAN: global-out-of-bounds in nfnetlink_parse_nat_setup+0x364/0x370
[   47.593508] Read of size 8 at addr ffffffff873c8e38 by task syz-executor611/7344
[   47.601020] 
[   47.602631] CPU: 1 PID: 7344 Comm: syz-executor611 Not tainted 4.14.172-syzkaller #0
[   47.610502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   47.619861] Call Trace:
[   47.622440]  dump_stack+0x13e/0x194
[   47.626059]  ? nfnetlink_parse_nat_setup+0x364/0x370
[   47.631162]  print_address_description.cold+0x5/0x1e2
[   47.636340]  ? nfnetlink_parse_nat_setup+0x364/0x370
[   47.641514]  kasan_report.cold+0xa9/0x2ae
[   47.645652]  nfnetlink_parse_nat_setup+0x364/0x370
[   47.650568]  ? nf_nat_alloc_null_binding+0x40/0x40
[   47.655506]  ? nf_nat_alloc_null_binding+0x40/0x40
[   47.660433]  ctnetlink_parse_nat_setup+0x70/0x490
[   47.665258]  ctnetlink_create_conntrack+0x437/0x1040
[   47.670341]  ? ctnetlink_del_conntrack+0x5a0/0x5a0
[   47.675251]  ? __do_once_done+0x1be/0x240
[   47.679381]  ? hash_conntrack_raw+0x2ab/0x410
[   47.683857]  ? nf_ct_get_id+0x160/0x160
[   47.687819]  ctnetlink_new_conntrack+0x460/0xc30
[   47.692575]  ? ctnetlink_create_conntrack+0x1040/0x1040
[   47.697969]  ? mutex_trylock+0x1a0/0x1a0
[   47.702020]  ? ctnetlink_create_conntrack+0x1040/0x1040
[   47.707382]  nfnetlink_rcv_msg+0xa08/0xc00
[   47.711627]  ? __kernel_text_address+0x9/0x30
[   47.716113]  netlink_rcv_skb+0x127/0x370
[   47.720156]  ? __lock_acquire+0x513/0x4620
[   47.724371]  ? nfnetlink_bind+0x240/0x240
[   47.728499]  ? netlink_ack+0x960/0x960
[   47.732371]  ? ns_capable_common+0x127/0x150
[   47.736777]  nfnetlink_rcv+0x1ab/0x1650
[   47.740787]  ? find_held_lock+0x2d/0x110
[   47.744835]  ? __netlink_lookup+0x2de/0x590
[   47.749140]  ? save_trace+0x290/0x290
[   47.753048]  ? save_trace+0x290/0x290
[   47.756834]  ? nfnl_err_del+0x150/0x150
[   47.760792]  ? find_held_lock+0x2d/0x110
[   47.764853]  ? netlink_deliver_tap+0x90/0x860
[   47.769332]  ? rcu_is_watching+0x11/0xb0
[   47.773378]  ? lock_downgrade+0x6e0/0x6e0
[   47.777508]  netlink_unicast+0x437/0x620
[   47.781550]  ? netlink_attachskb+0x600/0x600
[   47.785940]  netlink_sendmsg+0x733/0xbe0
[   47.790000]  ? netlink_unicast+0x620/0x620
[   47.794236]  ? SYSC_sendto+0x2b0/0x2b0
[   47.798118]  ? security_socket_sendmsg+0x83/0xb0
[   47.802862]  ? netlink_unicast+0x620/0x620
[   47.807092]  sock_sendmsg+0xc5/0x100
[   47.810788]  ___sys_sendmsg+0x70a/0x840
[   47.814831]  ? do_huge_pmd_anonymous_page+0xc63/0x11e0
[   47.820101]  ? copy_msghdr_from_user+0x380/0x380
[   47.824839]  ? lock_downgrade+0x6e0/0x6e0
[   47.828967]  ? __lru_cache_add+0x17b/0x250
[   47.833202]  ? do_raw_spin_unlock+0x164/0x250
[   47.837689]  ? _raw_spin_unlock+0x29/0x40
[   47.841824]  ? prep_transhuge_page+0xa0/0xa0
[   47.846214]  ? pud_val+0x6c/0xd0
[   47.849852]  ? pmd_val+0xd0/0xd0
[   47.853201]  ? trace_hardirqs_on+0x10/0x10
[   47.857425]  ? __handle_mm_fault+0x644/0x3280
[   47.861905]  ? save_trace+0x290/0x290
[   47.865834]  ? copy_page_range+0x1d70/0x1d70
[   47.870228]  ? __fget_light+0x16a/0x1f0
[   47.874246]  ? sockfd_lookup_light+0xb2/0x160
[   47.878722]  __sys_sendmsg+0xa3/0x120
[   47.882507]  ? SyS_shutdown+0x160/0x160
[   47.886509]  ? up_read+0x17/0x30
[   47.889856]  ? __do_page_fault+0x35b/0xb40
[   47.894073]  SyS_sendmsg+0x27/0x40
[   47.897591]  ? __sys_sendmsg+0x120/0x120
[   47.901632]  do_syscall_64+0x1d5/0x640
[   47.905531]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   47.910701] RIP: 0033:0x4401a9
[   47.913871] RSP: 002b:00007fff4821d358 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   47.921565] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401a9
[   47.928833] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[   47.936109] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   47.943358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a30
[   47.950624] R13: 0000000000401ac0 R14: 0000000000000000 R15: 0000000000000000
[   47.957883] 
[   47.959489] The buggy address belongs to the variable:
[   47.964748]  nft_bitwise_policy+0xb8/0xc0
[   47.968886] 
[   47.970490] Memory state around the buggy address:
[   47.975413]  ffffffff873c8d00: 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
[   47.982804]  ffffffff873c8d80: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
[   47.990210] >ffffffff873c8e00: 00 02 fa fa fa fa fa fa 00 00 00 00 00 00 00 00
[   47.997551]                                         ^
[   48.002753]  ffffffff873c8e80: 00 00 00 fa fa fa fa fa 00 00 00 00 00 00 00 00
[   48.010108]  ffffffff873c8f00: 00 00 00 00 fa fa fa fa 00 00 00 04 fa fa fa fa
[   48.017453] ==================================================================
[   48.024790] Disabling lock debugging due to kernel taint
[   48.030781] Kernel panic - not syncing: panic_on_warn set ...
[   48.030781] 
[   48.038191] CPU: 1 PID: 7344 Comm: syz-executor611 Tainted: G    B           4.14.172-syzkaller #0
[   48.047292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   48.056672] Call Trace:
[   48.059245]  dump_stack+0x13e/0x194
[   48.062898]  panic+0x1f9/0x42d
[   48.066069]  ? add_taint.cold+0x16/0x16
[   48.070082]  ? preempt_schedule_common+0x4a/0xc0
[   48.074834]  ? nfnetlink_parse_nat_setup+0x364/0x370
[   48.080048]  ? ___preempt_schedule+0x16/0x18
[   48.084495]  ? nfnetlink_parse_nat_setup+0x364/0x370
[   48.089591]  kasan_end_report+0x43/0x49
[   48.093591]  kasan_report.cold+0x12f/0x2ae
[   48.097940]  nfnetlink_parse_nat_setup+0x364/0x370
[   48.102850]  ? nf_nat_alloc_null_binding+0x40/0x40
[   48.107899]  ? nf_nat_alloc_null_binding+0x40/0x40
[   48.112867]  ctnetlink_parse_nat_setup+0x70/0x490
[   48.117688]  ctnetlink_create_conntrack+0x437/0x1040
[   48.122770]  ? ctnetlink_del_conntrack+0x5a0/0x5a0
[   48.127678]  ? __do_once_done+0x1be/0x240
[   48.131841]  ? hash_conntrack_raw+0x2ab/0x410
[   48.136314]  ? nf_ct_get_id+0x160/0x160
[   48.140267]  ctnetlink_new_conntrack+0x460/0xc30
[   48.145008]  ? ctnetlink_create_conntrack+0x1040/0x1040
[   48.150353]  ? mutex_trylock+0x1a0/0x1a0
[   48.154396]  ? ctnetlink_create_conntrack+0x1040/0x1040
[   48.159740]  nfnetlink_rcv_msg+0xa08/0xc00
[   48.163982]  ? __kernel_text_address+0x9/0x30
[   48.168474]  netlink_rcv_skb+0x127/0x370
[   48.172514]  ? __lock_acquire+0x513/0x4620
[   48.176740]  ? nfnetlink_bind+0x240/0x240
[   48.180866]  ? netlink_ack+0x960/0x960
[   48.184731]  ? ns_capable_common+0x127/0x150
[   48.189118]  nfnetlink_rcv+0x1ab/0x1650
[   48.193096]  ? find_held_lock+0x2d/0x110
[   48.197140]  ? __netlink_lookup+0x2de/0x590
[   48.201444]  ? save_trace+0x290/0x290
[   48.205237]  ? save_trace+0x290/0x290
[   48.209016]  ? nfnl_err_del+0x150/0x150
[   48.212972]  ? find_held_lock+0x2d/0x110
[   48.217016]  ? netlink_deliver_tap+0x90/0x860
[   48.222013]  ? rcu_is_watching+0x11/0xb0
[   48.226052]  ? lock_downgrade+0x6e0/0x6e0
[   48.230182]  netlink_unicast+0x437/0x620
[   48.234236]  ? netlink_attachskb+0x600/0x600
[   48.238631]  netlink_sendmsg+0x733/0xbe0
[   48.242683]  ? netlink_unicast+0x620/0x620
[   48.247416]  ? SYSC_sendto+0x2b0/0x2b0
[   48.251303]  ? security_socket_sendmsg+0x83/0xb0
[   48.256033]  ? netlink_unicast+0x620/0x620
[   48.260244]  sock_sendmsg+0xc5/0x100
[   48.263952]  ___sys_sendmsg+0x70a/0x840
[   48.267904]  ? do_huge_pmd_anonymous_page+0xc63/0x11e0
[   48.273176]  ? copy_msghdr_from_user+0x380/0x380
[   48.277909]  ? lock_downgrade+0x6e0/0x6e0
[   48.282036]  ? __lru_cache_add+0x17b/0x250
[   48.286249]  ? do_raw_spin_unlock+0x164/0x250
[   48.290735]  ? _raw_spin_unlock+0x29/0x40
[   48.294861]  ? prep_transhuge_page+0xa0/0xa0
[   48.299258]  ? pud_val+0x6c/0xd0
[   48.302609]  ? pmd_val+0xd0/0xd0
[   48.305963]  ? trace_hardirqs_on+0x10/0x10
[   48.310190]  ? __handle_mm_fault+0x644/0x3280
[   48.314670]  ? save_trace+0x290/0x290
[   48.318652]  ? copy_page_range+0x1d70/0x1d70
[   48.323046]  ? __fget_light+0x16a/0x1f0
[   48.327005]  ? sockfd_lookup_light+0xb2/0x160
[   48.331496]  __sys_sendmsg+0xa3/0x120
[   48.335275]  ? SyS_shutdown+0x160/0x160
[   48.339227]  ? up_read+0x17/0x30
[   48.342586]  ? __do_page_fault+0x35b/0xb40
[   48.346804]  SyS_sendmsg+0x27/0x40
[   48.350324]  ? __sys_sendmsg+0x120/0x120
[   48.354364]  do_syscall_64+0x1d5/0x640
[   48.358237]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   48.363421] RIP: 0033:0x4401a9
[   48.366594] RSP: 002b:00007fff4821d358 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   48.374308] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401a9
[   48.381556] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[   48.388804] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   48.396084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a30
[   48.403335] R13: 0000000000401ac0 R14: 0000000000000000 R15: 0000000000000000
[   48.412070] Kernel Offset: disabled
[   48.415705] Rebooting in 86400 seconds..