[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   26.250105] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   31.290974] random: sshd: uninitialized urandom read (32 bytes read)
[   31.629689] random: sshd: uninitialized urandom read (32 bytes read)
[   32.246032] random: sshd: uninitialized urandom read (32 bytes read)
[   32.464548] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.11' (ECDSA) to the list of known hosts.
[   38.162354] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
[   38.287097] audit: type=1400 audit(1537746930.144:2): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5342 comm="syz-executor034"
[   38.314131] audit: type=1400 audit(1537746930.174:3): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5343 comm="syz-executor034"
executing program
executing program
[   38.341600] audit: type=1400 audit(1537746930.204:4): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5344 comm="syz-executor034"
[   38.368627] audit: type=1400 audit(1537746930.224:5): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5345 comm="syz-executor034"
executing program
executing program
[   38.395144] audit: type=1400 audit(1537746930.254:6): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5346 comm="syz-executor034"
[   38.422367] audit: type=1400 audit(1537746930.284:7): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5347 comm="syz-executor034"
executing program
executing program
[   38.449379] audit: type=1400 audit(1537746930.304:8): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5348 comm="syz-executor034"
[   38.476826] audit: type=1400 audit(1537746930.334:9): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5349 comm="syz-executor034"
executing program
executing program
executing program
executing program
executing program
[   38.504474] audit: type=1400 audit(1537746930.364:10): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5350 comm="syz-executor034"
[   38.531823] audit: type=1400 audit(1537746930.394:11): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5351 comm="syz-executor034"
executing program
executing program
executing program
executing program
executing program
executing program
[   38.647140] ==================================================================
[   38.654648] BUG: KASAN: stack-out-of-bounds in memcmp+0xe3/0x160
[   38.660782] Read of size 1 at addr ffff8801bb58f400 by task syz-executor034/5361
[   38.668340] 
[   38.669969] CPU: 0 PID: 5361 Comm: syz-executor034 Not tainted 4.19.0-rc5+ #251
[   38.677397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.686734] Call Trace:
[   38.689320]  dump_stack+0x1c4/0x2b4
[   38.692941]  ? dump_stack_print_info.cold.2+0x52/0x52
[   38.698133]  ? printk+0xa7/0xcf
[   38.701414]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   38.706166]  print_address_description.cold.8+0x9/0x1ff
[   38.711541]  kasan_report.cold.9+0x242/0x309
[   38.715945]  ? memcmp+0xe3/0x160
[   38.719301]  __asan_report_load1_noabort+0x14/0x20
[   38.724218]  memcmp+0xe3/0x160
[   38.727397]  strnstr+0x4b/0x70
[   38.730583]  __aa_lookupn_ns+0xc1/0x570
[   38.734583]  ? aa_find_ns+0x30/0x30
[   38.738219]  ? lock_acquire+0x1ed/0x520
[   38.742192]  ? __aa_lookupn_ns+0x570/0x570
[   38.746448]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.751984]  ? check_preemption_disabled+0x48/0x200
[   38.756988]  ? kasan_check_read+0x11/0x20
[   38.761138]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   38.766431]  ? rcu_bh_qs+0xc0/0xc0
[   38.769963]  ? print_usage_bug+0xc0/0xc0
[   38.774015]  aa_lookupn_ns+0x88/0x1e0
[   38.777806]  aa_fqlookupn_profile+0x1b9/0x1010
[   38.782376]  ? lru_cache_add+0x417/0xa50
[   38.786425]  ? aa_lookup_profile+0x30/0x30
[   38.790645]  ? __lock_acquire+0x7ec/0x4ec0
[   38.794902]  ? noop_count+0x40/0x40
[   38.798542]  ? rcu_bh_qs+0xc0/0xc0
[   38.802085]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.807615]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   38.813061]  ? refcount_add_not_zero_checked+0x330/0x330
[   38.818512]  ? mark_held_locks+0x130/0x130
[   38.822751]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.828282]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   38.833812]  fqlookupn_profile+0x80/0xc0
[   38.837866]  aa_label_strn_parse+0xa3a/0x1230
[   38.842360]  ? aa_label_printk+0x850/0x850
[   38.846613]  ? lockdep_on+0x50/0x50
[   38.850228]  ? graph_lock+0x170/0x170
[   38.854033]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.859576]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   38.865016]  ? refcount_add_not_zero_checked+0x330/0x330
[   38.870488]  ? graph_lock+0x170/0x170
[   38.874304]  ? find_held_lock+0x36/0x1c0
[   38.878361]  aa_label_parse+0x42/0x50
[   38.882156]  aa_change_profile+0x513/0x3510
[   38.886484]  ? lock_acquire+0x1ed/0x520
[   38.890449]  ? aa_change_hat+0x1a20/0x1a20
[   38.894672]  ? is_bpf_text_address+0xd3/0x170
[   38.899172]  ? __mutex_lock+0x85e/0x1700
[   38.903236]  ? proc_pid_attr_write+0x28a/0x540
[   38.907807]  ? mutex_trylock+0x2b0/0x2b0
[   38.911855]  ? save_stack+0xa9/0xd0
[   38.915466]  ? save_stack+0x43/0xd0
[   38.919088]  ? kasan_kmalloc+0xc7/0xe0
[   38.922984]  ? __kmalloc_track_caller+0x14a/0x750
[   38.927816]  ? memdup_user+0x2c/0xa0
[   38.931525]  ? proc_pid_attr_write+0x198/0x540
[   38.936108]  ? graph_lock+0x170/0x170
[   38.939894]  ? __x64_sys_write+0x73/0xb0
[   38.943959]  ? graph_lock+0x170/0x170
[   38.947761]  ? mark_held_locks+0x130/0x130
[   38.951985]  apparmor_setprocattr+0xaa4/0x1150
[   38.956578]  ? apparmor_task_kill+0xcb0/0xcb0
[   38.961062]  ? lock_downgrade+0x900/0x900
[   38.965208]  ? arch_local_save_flags+0x40/0x40
[   38.969811]  security_setprocattr+0x66/0xc0
[   38.974136]  proc_pid_attr_write+0x301/0x540
[   38.978547]  __vfs_write+0x119/0x9f0
[   38.982255]  ? check_preemption_disabled+0x48/0x200
[   38.987259]  ? proc_loginuid_write+0x4f0/0x4f0
[   38.991849]  ? kernel_read+0x120/0x120
[   38.995761]  ? __lock_is_held+0xb5/0x140
[   38.999818]  ? rcu_read_lock_sched_held+0x108/0x120
[   39.004841]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.010389]  ? __sb_start_write+0x1b2/0x370
[   39.014701]  vfs_write+0x1fc/0x560
[   39.018266]  ksys_write+0x101/0x260
[   39.021885]  ? __ia32_sys_read+0xb0/0xb0
[   39.025947]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   39.031505]  __x64_sys_write+0x73/0xb0
[   39.035410]  do_syscall_64+0x1b9/0x820
[   39.039299]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   39.044651]  ? syscall_return_slowpath+0x5e0/0x5e0
[   39.049572]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.054404]  ? trace_hardirqs_on_caller+0x310/0x310
[   39.059410]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   39.064414]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.069951]  ? prepare_exit_to_usermode+0x291/0x3b0
[   39.074955]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.079791]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.084967] RIP: 0033:0x440d49
[   39.088174] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   39.107069] RSP: 002b:00007ffe47c2c688 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[   39.114764] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49
[   39.122018] RDX: 0000000000000009 RSI: 0000000020000040 RDI: 0000000000000003
[   39.129271] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[   39.136525] R10: 0000000001719880 R11: 0000000000000213 R12: 00000000000096be
[   39.143794] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[   39.151067] 
[   39.152679] The buggy address belongs to the page:
[   39.157592] page:ffffea0006ed63c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   39.165729] flags: 0x2fffc0000000000()
[   39.169601] raw: 02fffc0000000000 0000000000000000 ffffffff06ed0101 0000000000000000
[   39.177467] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   39.185347] page dumped because: kasan: bad access detected
[   39.191050] 
[   39.192678] Memory state around the buggy address:
[   39.197603]  ffff8801bb58f300: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.204959]  ffff8801bb58f380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   39.212301] >ffff8801bb58f400: f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2
[   39.219641]                    ^
[   39.222991]  ffff8801bb58f480: f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2
[   39.230355]  ffff8801bb58f500: f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00
[   39.237707] ==================================================================
[   39.245046] Disabling lock debugging due to kernel taint
[   39.251118] Kernel panic - not syncing: panic_on_warn set ...
[   39.251118] 
[   39.258510] CPU: 0 PID: 5361 Comm: syz-executor034 Tainted: G    B             4.19.0-rc5+ #251
[   39.267331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.276666] Call Trace:
[   39.279250]  dump_stack+0x1c4/0x2b4
[   39.282875]  ? dump_stack_print_info.cold.2+0x52/0x52
[   39.288050]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   39.292800]  panic+0x238/0x4e7
[   39.295989]  ? add_taint.cold.5+0x16/0x16
[   39.300159]  ? preempt_schedule+0x4d/0x60
[   39.304301]  ? ___preempt_schedule+0x16/0x18
[   39.308718]  ? trace_hardirqs_on+0xb4/0x310
[   39.313097]  kasan_end_report+0x47/0x4f
[   39.317058]  kasan_report.cold.9+0x76/0x309
[   39.321365]  ? memcmp+0xe3/0x160
[   39.324718]  __asan_report_load1_noabort+0x14/0x20
[   39.329636]  memcmp+0xe3/0x160
[   39.332827]  strnstr+0x4b/0x70
[   39.336025]  __aa_lookupn_ns+0xc1/0x570
[   39.340032]  ? aa_find_ns+0x30/0x30
[   39.343651]  ? lock_acquire+0x1ed/0x520
[   39.347624]  ? __aa_lookupn_ns+0x570/0x570
[   39.351844]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.357382]  ? check_preemption_disabled+0x48/0x200
[   39.362381]  ? kasan_check_read+0x11/0x20
[   39.366521]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   39.371794]  ? rcu_bh_qs+0xc0/0xc0
[   39.375333]  ? print_usage_bug+0xc0/0xc0
[   39.379399]  aa_lookupn_ns+0x88/0x1e0
[   39.383189]  aa_fqlookupn_profile+0x1b9/0x1010
[   39.387753]  ? lru_cache_add+0x417/0xa50
[   39.391811]  ? aa_lookup_profile+0x30/0x30
[   39.396044]  ? __lock_acquire+0x7ec/0x4ec0
[   39.400283]  ? noop_count+0x40/0x40
[   39.403926]  ? rcu_bh_qs+0xc0/0xc0
[   39.407456]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.412979]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   39.418432]  ? refcount_add_not_zero_checked+0x330/0x330
[   39.423877]  ? mark_held_locks+0x130/0x130
[   39.428106]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.433643]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   39.439182]  fqlookupn_profile+0x80/0xc0
[   39.443228]  aa_label_strn_parse+0xa3a/0x1230
[   39.447728]  ? aa_label_printk+0x850/0x850
[   39.451961]  ? lockdep_on+0x50/0x50
[   39.455588]  ? graph_lock+0x170/0x170
[   39.459383]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.464921]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   39.470372]  ? refcount_add_not_zero_checked+0x330/0x330
[   39.475824]  ? graph_lock+0x170/0x170
[   39.479626]  ? find_held_lock+0x36/0x1c0
[   39.483673]  aa_label_parse+0x42/0x50
[   39.487461]  aa_change_profile+0x513/0x3510
[   39.491769]  ? lock_acquire+0x1ed/0x520
[   39.495746]  ? aa_change_hat+0x1a20/0x1a20
[   39.499985]  ? is_bpf_text_address+0xd3/0x170
[   39.504479]  ? __mutex_lock+0x85e/0x1700
[   39.508524]  ? proc_pid_attr_write+0x28a/0x540
[   39.513119]  ? mutex_trylock+0x2b0/0x2b0
[   39.517166]  ? save_stack+0xa9/0xd0
[   39.520775]  ? save_stack+0x43/0xd0
[   39.524381]  ? kasan_kmalloc+0xc7/0xe0
[   39.528269]  ? __kmalloc_track_caller+0x14a/0x750
[   39.533096]  ? memdup_user+0x2c/0xa0
[   39.536791]  ? proc_pid_attr_write+0x198/0x540
[   39.541357]  ? graph_lock+0x170/0x170
[   39.545174]  ? __x64_sys_write+0x73/0xb0
[   39.549236]  ? graph_lock+0x170/0x170
[   39.553024]  ? mark_held_locks+0x130/0x130
[   39.557271]  apparmor_setprocattr+0xaa4/0x1150
[   39.561853]  ? apparmor_task_kill+0xcb0/0xcb0
[   39.566353]  ? lock_downgrade+0x900/0x900
[   39.570497]  ? arch_local_save_flags+0x40/0x40
[   39.575080]  security_setprocattr+0x66/0xc0
[   39.579390]  proc_pid_attr_write+0x301/0x540
[   39.583785]  __vfs_write+0x119/0x9f0
[   39.587484]  ? check_preemption_disabled+0x48/0x200
[   39.592494]  ? proc_loginuid_write+0x4f0/0x4f0
[   39.597076]  ? kernel_read+0x120/0x120
[   39.600946]  ? __lock_is_held+0xb5/0x140
[   39.605006]  ? rcu_read_lock_sched_held+0x108/0x120
[   39.610008]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.615533]  ? __sb_start_write+0x1b2/0x370
[   39.619846]  vfs_write+0x1fc/0x560
[   39.623373]  ksys_write+0x101/0x260
[   39.626984]  ? __ia32_sys_read+0xb0/0xb0
[   39.631037]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   39.636482]  __x64_sys_write+0x73/0xb0
[   39.640381]  do_syscall_64+0x1b9/0x820
[   39.644265]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   39.649615]  ? syscall_return_slowpath+0x5e0/0x5e0
[   39.654543]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.659372]  ? trace_hardirqs_on_caller+0x310/0x310
[   39.664390]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   39.669401]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.674953]  ? prepare_exit_to_usermode+0x291/0x3b0
[   39.679961]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.684792]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.689966] RIP: 0033:0x440d49
[   39.693160] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   39.712046] RSP: 002b:00007ffe47c2c688 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[   39.719741] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49
[   39.726993] RDX: 0000000000000009 RSI: 0000000020000040 RDI: 0000000000000003
[   39.734243] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[   39.741494] R10: 0000000001719880 R11: 0000000000000213 R12: 00000000000096be
[   39.748746] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[   39.756930] Kernel Offset: disabled
[   39.760560] Rebooting in 86400 seconds..