INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 36.629865] audit: type=1400 audit(1537863066.120:2): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5566 comm="syz-executor878"
executing program
[ 36.670952] audit: type=1400 audit(1537863066.170:3): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5567 comm="syz-executor878"
executing program
[ 36.712540] audit: type=1400 audit(1537863066.210:4): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5568 comm="syz-executor878"
executing program
[ 36.752648] audit: type=1400 audit(1537863066.250:5): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5569 comm="syz-executor878"
[ 36.772133] ==================================================================
[ 36.779590] BUG: KASAN: stack-out-of-bounds in memcmp+0xe3/0x160
[ 36.785732] Read of size 1 at addr ffff8801bb27f400 by task syz-executor878/5570
[ 36.793287]
[ 36.794904] CPU: 0 PID: 5570 Comm: syz-executor878 Not tainted 4.19.0-rc5-next-20180925+ #79
[ 36.803464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.812801] Call Trace:
[ 36.815386] dump_stack+0x1d3/0x2c4
[ 36.819001] ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.824174] ? printk+0xa7/0xcf
[ 36.827441] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.832189] print_address_description.cold.8+0x9/0x1ff
[ 36.837540] kasan_report.cold.9+0x242/0x309
[ 36.841948] ? memcmp+0xe3/0x160
[ 36.845307] __asan_report_load1_noabort+0x14/0x20
[ 36.850227] memcmp+0xe3/0x160
[ 36.853408] strnstr+0x4b/0x70
[ 36.856601] __aa_lookupn_ns+0xc1/0x570
[ 36.860678] ? aa_find_ns+0x30/0x30
[ 36.864350] ? lock_acquire+0x1ed/0x520
[ 36.868313] ? __aa_lookupn_ns+0x570/0x570
[ 36.872538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.878076] ? check_preemption_disabled+0x48/0x200
[ 36.883092] ? kasan_check_read+0x11/0x20
[ 36.887229] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 36.892490] ? rcu_softirq_qs+0x20/0x20
[ 36.896464] ? print_usage_bug+0xc0/0xc0
[ 36.900517] aa_lookupn_ns+0x88/0x1e0
[ 36.904305] aa_fqlookupn_profile+0x1b9/0x1010
[ 36.908880] ? lru_cache_add_file+0x20/0x20
[ 36.913206] ? aa_lookup_profile+0x30/0x30
[ 36.917424] ? __lock_acquire+0x7ec/0x4ec0
[ 36.921642] ? noop_count+0x40/0x40
[ 36.925257] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.930789] ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[ 36.936225] ? refcount_add_not_zero_checked+0x330/0x330
[ 36.941662] ? mark_held_locks+0x130/0x130
[ 36.945888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.951430] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 36.956984] fqlookupn_profile+0x80/0xc0
[ 36.961049] aa_label_strn_parse+0xa3a/0x1230
[ 36.965536] ? aa_label_printk+0x850/0x850
[ 36.969767] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 36.974688] ? kasan_check_read+0x11/0x20
[ 36.978830] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 36.984092] ? rcu_softirq_qs+0x20/0x20
[ 36.988152] ? rcu_softirq_qs+0x20/0x20
[ 36.992120] ? unwind_dump+0x190/0x190
[ 36.995999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.001521] ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[ 37.006959] ? refcount_add_not_zero_checked+0x330/0x330
[ 37.012396] ? unwind_get_return_address+0x61/0xa0
[ 37.017312] ? __save_stack_trace+0x8d/0xf0
[ 37.021656] aa_label_parse+0x42/0x50
[ 37.025445] aa_change_profile+0x513/0x3510
[ 37.029767] ? save_stack+0x43/0xd0
[ 37.033403] ? kasan_kmalloc+0xc7/0xe0
[ 37.037288] ? apparmor_setprocattr+0x2ab/0x1180
[ 37.042031] ? __vfs_write+0x119/0x9f0
[ 37.045902] ? __x64_sys_write+0x1/0xb0
[ 37.049860] ? do_syscall_64+0x1b9/0x820
[ 37.053906] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.059278] ? aa_change_hat+0x1a20/0x1a20
[ 37.063496] ? find_held_lock+0x36/0x1c0
[ 37.067551] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.073072] ? check_preemption_disabled+0x48/0x200
[ 37.078081] ? __lock_is_held+0xb5/0x140
[ 37.082135] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.087160] ? __kmalloc+0x5de/0x760
[ 37.090868] ? graph_lock+0x170/0x170
[ 37.094658] ? mark_held_locks+0x130/0x130
[ 37.098895] apparmor_setprocattr+0xa9e/0x1180
[ 37.103479] ? apparmor_task_kill+0xcb0/0xcb0
[ 37.107961] ? lock_downgrade+0x900/0x900
[ 37.112109] ? ttwu_stat+0x5c0/0x5c0
[ 37.115827] security_setprocattr+0x66/0xc0
[ 37.120147] proc_pid_attr_write+0x301/0x540
[ 37.124562] __vfs_write+0x119/0x9f0
[ 37.128292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.133917] ? proc_loginuid_write+0x4f0/0x4f0
[ 37.138555] ? kernel_read+0x120/0x120
[ 37.142443] ? __lock_is_held+0xb5/0x140
[ 37.146497] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.151509] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.157045] ? __sb_start_write+0x1b2/0x370
[ 37.161359] vfs_write+0x1fc/0x560
[ 37.164891] ksys_write+0x101/0x260
[ 37.168519] ? __ia32_sys_read+0xb0/0xb0
[ 37.172568] ? trace_hardirqs_off_caller+0x300/0x300
[ 37.177657] __x64_sys_write+0x73/0xb0
[ 37.181533] do_syscall_64+0x1b9/0x820
[ 37.185408] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.190757] ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.195677] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.200504] ? trace_hardirqs_off+0x310/0x310
[ 37.204985] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.209988] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.215510] ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.220514] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.225361] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.230539] RIP: 0033:0x440d49
[ 37.233715] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 37.252600] RSP: 002b:00007ffdc7366f98 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[ 37.260297] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49
[ 37.267549] RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003
[ 37.274804] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[ 37.282069] R10: 0000000000c47880 R11: 0000000000000213 R12: 0000000000008f61
[ 37.289337] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[ 37.296596]
[ 37.298208] The buggy address belongs to the page:
[ 37.303141] page:ffffea0006ec9fc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 37.311281] flags: 0x2fffc0000000000()
[ 37.315152] raw: 02fffc0000000000 0000000000000000 ffffffff06ec0101 0000000000000000
[ 37.323017] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 37.330996] page dumped because: kasan: bad access detected
[ 37.336752]
[ 37.338379] Memory state around the buggy address:
[ 37.343292] ffff8801bb27f300: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.350633] ffff8801bb27f380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 37.358035] >ffff8801bb27f400: f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2
[ 37.365479] ^
[ 37.368845] ffff8801bb27f480: f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2
[ 37.376299] ffff8801bb27f500: f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00
[ 37.383680] ==================================================================
[ 37.391067] Disabling lock debugging due to kernel taint
[ 37.398957] Kernel panic - not syncing: panic_on_warn set ...
[ 37.398957]
[ 37.406322] CPU: 0 PID: 5570 Comm: syz-executor878 Tainted: G B 4.19.0-rc5-next-20180925+ #79
[ 37.416260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.425591] Call Trace:
[ 37.428169] dump_stack+0x1d3/0x2c4
[ 37.431854] ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.437034] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 37.441792] panic+0x238/0x4e7
[ 37.444963] ? add_taint.cold.5+0x16/0x16
[ 37.449091] ? preempt_schedule+0x4d/0x60
[ 37.453227] ? ___preempt_schedule+0x16/0x18
[ 37.457619] ? trace_hardirqs_on+0xb4/0x310
[ 37.461925] kasan_end_report+0x47/0x4f
[ 37.465879] kasan_report.cold.9+0x76/0x309
[ 37.470223] ? memcmp+0xe3/0x160
[ 37.473582] __asan_report_load1_noabort+0x14/0x20
[ 37.478490] memcmp+0xe3/0x160
[ 37.481662] strnstr+0x4b/0x70
[ 37.484834] __aa_lookupn_ns+0xc1/0x570
[ 37.488796] ? aa_find_ns+0x30/0x30
[ 37.492412] ? lock_acquire+0x1ed/0x520
[ 37.496369] ? __aa_lookupn_ns+0x570/0x570
[ 37.500583] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.506106] ? check_preemption_disabled+0x48/0x200
[ 37.511114] ? kasan_check_read+0x11/0x20
[ 37.515249] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 37.520510] ? rcu_softirq_qs+0x20/0x20
[ 37.524486] ? print_usage_bug+0xc0/0xc0
[ 37.528636] aa_lookupn_ns+0x88/0x1e0
[ 37.532435] aa_fqlookupn_profile+0x1b9/0x1010
[ 37.536997] ? lru_cache_add_file+0x20/0x20
[ 37.541301] ? aa_lookup_profile+0x30/0x30
[ 37.545518] ? __lock_acquire+0x7ec/0x4ec0
[ 37.549733] ? noop_count+0x40/0x40
[ 37.553346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.558865] ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[ 37.564294] ? refcount_add_not_zero_checked+0x330/0x330
[ 37.569724] ? mark_held_locks+0x130/0x130
[ 37.574060] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.579583] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.585168] fqlookupn_profile+0x80/0xc0
[ 37.589234] aa_label_strn_parse+0xa3a/0x1230
[ 37.593818] ? aa_label_printk+0x850/0x850
[ 37.598098] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 37.603036] ? kasan_check_read+0x11/0x20
[ 37.607170] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 37.612470] ? rcu_softirq_qs+0x20/0x20
[ 37.616433] ? rcu_softirq_qs+0x20/0x20
[ 37.620393] ? unwind_dump+0x190/0x190
[ 37.624270] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.629878] ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[ 37.635314] ? refcount_add_not_zero_checked+0x330/0x330
[ 37.640748] ? unwind_get_return_address+0x61/0xa0
[ 37.645663] ? __save_stack_trace+0x8d/0xf0
[ 37.649970] aa_label_parse+0x42/0x50
[ 37.653758] aa_change_profile+0x513/0x3510
[ 37.658069] ? save_stack+0x43/0xd0
[ 37.661680] ? kasan_kmalloc+0xc7/0xe0
[ 37.665549] ? apparmor_setprocattr+0x2ab/0x1180
[ 37.670301] ? __vfs_write+0x119/0x9f0
[ 37.674170] ? __x64_sys_write+0x1/0xb0
[ 37.678126] ? do_syscall_64+0x1b9/0x820
[ 37.682171] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.687515] ? aa_change_hat+0x1a20/0x1a20
[ 37.691731] ? find_held_lock+0x36/0x1c0
[ 37.695785] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.701304] ? check_preemption_disabled+0x48/0x200
[ 37.706305] ? __lock_is_held+0xb5/0x140
[ 37.710352] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.715355] ? __kmalloc+0x5de/0x760
[ 37.719052] ? graph_lock+0x170/0x170
[ 37.722838] ? mark_held_locks+0x130/0x130
[ 37.727056] apparmor_setprocattr+0xa9e/0x1180
[ 37.731640] ? apparmor_task_kill+0xcb0/0xcb0
[ 37.736119] ? lock_downgrade+0x900/0x900
[ 37.740247] ? ttwu_stat+0x5c0/0x5c0
[ 37.743963] security_setprocattr+0x66/0xc0
[ 37.748285] proc_pid_attr_write+0x301/0x540
[ 37.752680] __vfs_write+0x119/0x9f0
[ 37.756479] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.762003] ? proc_loginuid_write+0x4f0/0x4f0
[ 37.766565] ? kernel_read+0x120/0x120
[ 37.770439] ? __lock_is_held+0xb5/0x140
[ 37.774490] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.779594] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.785120] ? __sb_start_write+0x1b2/0x370
[ 37.789426] vfs_write+0x1fc/0x560
[ 37.792948] ksys_write+0x101/0x260
[ 37.796556] ? __ia32_sys_read+0xb0/0xb0
[ 37.800606] ? trace_hardirqs_off_caller+0x300/0x300
[ 37.805696] __x64_sys_write+0x73/0xb0
[ 37.809568] do_syscall_64+0x1b9/0x820
[ 37.813437] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.818812] ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.823735] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.828582] ? trace_hardirqs_off+0x310/0x310
[ 37.833064] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.838069] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.843590] ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.848597] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.853432] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.858648] RIP: 0033:0x440d49
[ 37.861826] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 37.880706] RSP: 002b:00007ffdc7366f98 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[ 37.888405] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49
[ 37.895654] RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003
[ 37.902905] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[ 37.910166] R10: 0000000000c47880 R11: 0000000000000213 R12: 0000000000008f61
[ 37.917421] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[ 37.925558] Kernel Offset: disabled
[ 37.929184] Rebooting in 86400 seconds..