[info] Using makefile-style concurrent boot in runlevel 2.
[ 24.744227] audit: type=1800 audit(1538102771.393:21): pid=5210 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ 25.145131] rsyslogd (5235) used greatest stack depth: 15496 bytes left
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.82' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
syzkaller login:
[ 36.766357] kauditd_printk_skb: 9 callbacks suppressed
[ 36.766371] audit: type=1400 audit(1538102783.413:31): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5365 comm="syz-executor471"
[ 36.799114] audit: type=1400 audit(1538102783.443:32): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5366 comm="syz-executor471"
executing program
executing program
[ 36.826282] audit: type=1400 audit(1538102783.473:33): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5367 comm="syz-executor471"
[ 36.853389] audit: type=1400 audit(1538102783.503:34): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5368 comm="syz-executor471"
[ 36.872940] ==================================================================
[ 36.880409] BUG: KASAN: stack-out-of-bounds in memcmp+0xe3/0x160
[ 36.886556] Read of size 1 at addr ffff8801bafa7400 by task syz-executor471/5369
[ 36.894070]
[ 36.895689] CPU: 1 PID: 5369 Comm: syz-executor471 Not tainted 4.19.0-rc5+ #257
[ 36.903116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.912452] Call Trace:
[ 36.915050] dump_stack+0x1c4/0x2b4
[ 36.918669] ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.923859] ? printk+0xa7/0xcf
[ 36.927143] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.931924] print_address_description.cold.8+0x9/0x1ff
[ 36.937285] kasan_report.cold.9+0x242/0x309
[ 36.941695] ? memcmp+0xe3/0x160
[ 36.945073] __asan_report_load1_noabort+0x14/0x20
[ 36.949992] memcmp+0xe3/0x160
[ 36.953174] strnstr+0x4b/0x70
[ 36.956361] __aa_lookupn_ns+0xc1/0x570
[ 36.960330] ? aa_find_ns+0x30/0x30
[ 36.963956] ? lock_acquire+0x1ed/0x520
[ 36.967927] ? __aa_lookupn_ns+0x570/0x570
[ 36.972167] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.977702] ? check_preemption_disabled+0x48/0x200
[ 36.982707] ? kasan_check_read+0x11/0x20
[ 36.986843] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 36.992106] ? rcu_bh_qs+0xc0/0xc0
[ 36.995638] ? print_usage_bug+0xc0/0xc0
[ 36.999692] aa_lookupn_ns+0x88/0x1e0
[ 37.003484] aa_fqlookupn_profile+0x1b9/0x1010
[ 37.008071] ? lru_cache_add+0x417/0xa50
[ 37.012126] ? aa_lookup_profile+0x30/0x30
[ 37.016360] ? __lock_acquire+0x7ec/0x4ec0
[ 37.020582] ? noop_count+0x40/0x40
[ 37.024200] ? rcu_bh_qs+0xc0/0xc0
[ 37.027731] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.033257] ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[ 37.038696] ? refcount_add_not_zero_checked+0x330/0x330
[ 37.044141] ? mark_held_locks+0x130/0x130
[ 37.048366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.053891] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.059419] fqlookupn_profile+0x80/0xc0
[ 37.063469] aa_label_strn_parse+0xa3a/0x1230
[ 37.067957] ? aa_label_printk+0x850/0x850
[ 37.072194] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[ 37.077990] ? kasan_check_read+0x11/0x20
[ 37.082390] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 37.087676] ? rcu_bh_qs+0xc0/0xc0
[ 37.091205] ? rcu_bh_qs+0xc0/0xc0
[ 37.094735] ? unwind_dump+0x190/0x190
[ 37.098615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.104140] ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[ 37.109582] ? refcount_add_not_zero_checked+0x330/0x330
[ 37.115023] ? unwind_get_return_address+0x61/0xa0
[ 37.119941] ? __save_stack_trace+0x8d/0xf0
[ 37.124262] aa_label_parse+0x42/0x50
[ 37.128067] aa_change_profile+0x513/0x3510
[ 37.132376] ? save_stack+0x43/0xd0
[ 37.135988] ? kasan_kmalloc+0xc7/0xe0
[ 37.139866] ? apparmor_setprocattr+0x2ab/0x1150
[ 37.144655] ? __vfs_write+0x119/0x9f0
[ 37.148531] ? __x64_sys_write+0x31/0xb0
[ 37.152608] ? do_syscall_64+0x1b9/0x820
[ 37.156674] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.162034] ? aa_change_hat+0x1a20/0x1a20
[ 37.166256] ? find_held_lock+0x36/0x1c0
[ 37.170317] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.175843] ? check_preemption_disabled+0x48/0x200
[ 37.180845] ? check_preemption_disabled+0x48/0x200
[ 37.185855] ? __lock_is_held+0xb5/0x140
[ 37.189911] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.194926] ? __kmalloc+0x5de/0x760
[ 37.198626] ? graph_lock+0x170/0x170
[ 37.202413] ? mark_held_locks+0x130/0x130
[ 37.206652] apparmor_setprocattr+0xa8b/0x1150
[ 37.211241] ? apparmor_task_kill+0xcb0/0xcb0
[ 37.215728] ? lock_downgrade+0x900/0x900
[ 37.219872] ? arch_local_save_flags+0x40/0x40
[ 37.224467] security_setprocattr+0x66/0xc0
[ 37.228784] proc_pid_attr_write+0x301/0x540
[ 37.233187] __vfs_write+0x119/0x9f0
[ 37.236891] ? check_preemption_disabled+0x48/0x200
[ 37.241894] ? proc_loginuid_write+0x4f0/0x4f0
[ 37.246464] ? kernel_read+0x120/0x120
[ 37.250346] ? __lock_is_held+0xb5/0x140
[ 37.254415] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.259433] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.264959] ? __sb_start_write+0x1b2/0x370
[ 37.269274] vfs_write+0x1fc/0x560
[ 37.272808] ksys_write+0x101/0x260
[ 37.276426] ? __ia32_sys_read+0xb0/0xb0
[ 37.280480] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 37.285924] __x64_sys_write+0x73/0xb0
[ 37.289805] do_syscall_64+0x1b9/0x820
[ 37.293684] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.299036] ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.303952] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.308788] ? trace_hardirqs_on_caller+0x310/0x310
[ 37.313815] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.318828] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.324372] ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.329391] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.334226] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.339400] RIP: 0033:0x440d49
[ 37.342581] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 37.361477] RSP: 002b:00007ffefe5ab6c8 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[ 37.369180] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49
[ 37.376436] RDX: 000000000000002c RSI: 0000000020000000 RDI: 0000000000000003
[ 37.383690] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[ 37.390949] R10: 000000000208b880 R11: 0000000000000213 R12: 0000000000008fd4
[ 37.398208] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[ 37.405474]
[ 37.407094] The buggy address belongs to the page:
[ 37.412009] page:ffffea0006ebe9c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 37.420138] flags: 0x2fffc0000000000()
[ 37.424013] raw: 02fffc0000000000 0000000000000000 ffffffff06eb0101 0000000000000000
[ 37.431884] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 37.439776] page dumped because: kasan: bad access detected
[ 37.445468]
[ 37.447088] Memory state around the buggy address:
[ 37.452003] ffff8801bafa7300: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.459365] ffff8801bafa7380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 37.466725] >ffff8801bafa7400: f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2
[ 37.474065] ^
[ 37.477414] ffff8801bafa7480: f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2
[ 37.484758] ffff8801bafa7500: f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00
[ 37.492096] ==================================================================
[ 37.499434] Disabling lock debugging due to kernel taint
[ 37.505556] Kernel panic - not syncing: panic_on_warn set ...
[ 37.505556]
[ 37.512319] kobject: 'regulatory.0' (0000000018f52c21): kobject_uevent_env
[ 37.512942] CPU: 1 PID: 5369 Comm: syz-executor471 Tainted: G B 4.19.0-rc5+ #257
[ 37.519964] kobject: 'regulatory.0' (0000000018f52c21): fill_kobj_path: path = '/devices/platform/regulatory.0'
[ 37.528767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.528772] Call Trace:
[ 37.528794] dump_stack+0x1c4/0x2b4
[ 37.528813] ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.559738] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 37.564509] panic+0x238/0x4e7
[ 37.567738] ? add_taint.cold.5+0x16/0x16
[ 37.571888] ? preempt_schedule+0x4d/0x60
[ 37.576021] ? ___preempt_schedule+0x16/0x18
[ 37.580415] ? trace_hardirqs_on+0xb4/0x310
[ 37.584735] kasan_end_report+0x47/0x4f
[ 37.588696] kasan_report.cold.9+0x76/0x309
[ 37.593005] ? memcmp+0xe3/0x160
[ 37.596359] __asan_report_load1_noabort+0x14/0x20
[ 37.601273] memcmp+0xe3/0x160
[ 37.604452] strnstr+0x4b/0x70
[ 37.607637] __aa_lookupn_ns+0xc1/0x570
[ 37.611598] ? aa_find_ns+0x30/0x30
[ 37.615220] ? lock_acquire+0x1ed/0x520
[ 37.619185] ? __aa_lookupn_ns+0x570/0x570
[ 37.623405] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.628930] ? check_preemption_disabled+0x48/0x200
[ 37.633929] ? kasan_check_read+0x11/0x20
[ 37.638064] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 37.643331] ? rcu_bh_qs+0xc0/0xc0
[ 37.646858] ? print_usage_bug+0xc0/0xc0
[ 37.650906] aa_lookupn_ns+0x88/0x1e0
[ 37.654705] aa_fqlookupn_profile+0x1b9/0x1010
[ 37.659280] ? lru_cache_add+0x417/0xa50
[ 37.663333] ? aa_lookup_profile+0x30/0x30
[ 37.667558] ? __lock_acquire+0x7ec/0x4ec0
[ 37.671777] ? noop_count+0x40/0x40
[ 37.675388] ? rcu_bh_qs+0xc0/0xc0
[ 37.678916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.684438] ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[ 37.689878] ? refcount_add_not_zero_checked+0x330/0x330
[ 37.695331] ? mark_held_locks+0x130/0x130
[ 37.699571] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.705095] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.710619] fqlookupn_profile+0x80/0xc0
[ 37.714664] aa_label_strn_parse+0xa3a/0x1230
[ 37.719146] ? aa_label_printk+0x850/0x850
[ 37.723367] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[ 37.729150] ? kasan_check_read+0x11/0x20
[ 37.733283] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 37.738554] ? rcu_bh_qs+0xc0/0xc0
[ 37.742082] ? rcu_bh_qs+0xc0/0xc0
[ 37.745605] ? unwind_dump+0x190/0x190
[ 37.749481] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.755034] ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[ 37.760484] ? refcount_add_not_zero_checked+0x330/0x330
[ 37.765919] ? unwind_get_return_address+0x61/0xa0
[ 37.770839] ? __save_stack_trace+0x8d/0xf0
[ 37.775148] aa_label_parse+0x42/0x50
[ 37.778952] aa_change_profile+0x513/0x3510
[ 37.783281] ? save_stack+0x43/0xd0
[ 37.786916] ? kasan_kmalloc+0xc7/0xe0
[ 37.790791] ? apparmor_setprocattr+0x2ab/0x1150
[ 37.795536] ? __vfs_write+0x119/0x9f0
[ 37.799417] ? __x64_sys_write+0x31/0xb0
[ 37.803465] ? do_syscall_64+0x1b9/0x820
[ 37.807512] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.812861] ? aa_change_hat+0x1a20/0x1a20
[ 37.817079] ? find_held_lock+0x36/0x1c0
[ 37.821129] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.826657] ? check_preemption_disabled+0x48/0x200
[ 37.831653] ? check_preemption_disabled+0x48/0x200
[ 37.836656] ? __lock_is_held+0xb5/0x140
[ 37.840705] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.845715] ? __kmalloc+0x5de/0x760
[ 37.849421] ? graph_lock+0x170/0x170
[ 37.853226] ? mark_held_locks+0x130/0x130
[ 37.857450] apparmor_setprocattr+0xa8b/0x1150
[ 37.862093] ? apparmor_task_kill+0xcb0/0xcb0
[ 37.866586] ? lock_downgrade+0x900/0x900
[ 37.870732] ? arch_local_save_flags+0x40/0x40
[ 37.875313] security_setprocattr+0x66/0xc0
[ 37.879630] proc_pid_attr_write+0x301/0x540
[ 37.884029] __vfs_write+0x119/0x9f0
[ 37.887728] ? check_preemption_disabled+0x48/0x200
[ 37.892730] ? proc_loginuid_write+0x4f0/0x4f0
[ 37.897298] ? kernel_read+0x120/0x120
[ 37.901191] ? __lock_is_held+0xb5/0x140
[ 37.905242] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.910263] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.915786] ? __sb_start_write+0x1b2/0x370
[ 37.920099] vfs_write+0x1fc/0x560
[ 37.923631] ksys_write+0x101/0x260
[ 37.927257] ? __ia32_sys_read+0xb0/0xb0
[ 37.931315] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 37.936767] __x64_sys_write+0x73/0xb0
[ 37.940642] do_syscall_64+0x1b9/0x820
[ 37.944531] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.949895] ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.954810] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.959642] ? trace_hardirqs_on_caller+0x310/0x310
[ 37.964662] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.969664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.975207] ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.980223] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.985074] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.990247] RIP: 0033:0x440d49
[ 37.993426] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 38.012629] RSP: 002b:00007ffefe5ab6c8 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[ 38.020328] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49
[ 38.027581] RDX: 000000000000002c RSI: 0000000020000000 RDI: 0000000000000003
[ 38.034833] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[ 38.042095] R10: 000000000208b880 R11: 0000000000000213 R12: 0000000000008fd4
[ 38.049345] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[ 38.057562] Kernel Offset: disabled
[ 38.061185] Rebooting in 86400 seconds..