[ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 24.671088] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 28.062621] random: sshd: uninitialized urandom read (32 bytes read) [ 28.392086] random: sshd: uninitialized urandom read (32 bytes read) [ 28.968798] random: sshd: uninitialized urandom read (32 bytes read) [ 29.174913] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts. [ 35.037636] random: sshd: uninitialized urandom read (32 bytes read) executing program executing program executing program [ 35.162682] audit: type=1400 audit(1537816967.234:2): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5339 comm="syz-executor768" [ 35.182727] audit: type=1400 audit(1537816967.254:3): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5340 comm="syz-executor768" executing program [ 35.201748] audit: type=1400 audit(1537816967.274:4): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5341 comm="syz-executor768" [ 35.221408] ================================================================== [ 35.228888] BUG: KASAN: stack-out-of-bounds in memcmp+0xe3/0x160 [ 35.235020] Read of size 1 at addr ffff8801b70873b0 by task syz-executor768/5342 [ 35.242531] [ 35.244161] CPU: 1 PID: 5342 Comm: syz-executor768 Not tainted 4.19.0-rc5+ #155 [ 35.251598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.260953] Call Trace: [ 35.263529] dump_stack+0x1c4/0x2b4 [ 35.267150] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.272329] ? printk+0xa7/0xcf [ 35.275592] ? 
kmsg_dump_rewind_nolock+0xe4/0xe4 [ 35.280354] print_address_description.cold.8+0x9/0x1ff [ 35.285722] kasan_report.cold.9+0x242/0x309 [ 35.290128] ? memcmp+0xe3/0x160 [ 35.293482] __asan_report_load1_noabort+0x14/0x20 [ 35.298397] memcmp+0xe3/0x160 [ 35.301578] strnstr+0x4b/0x70 [ 35.304766] __aa_lookupn_ns+0xc1/0x570 [ 35.308747] ? aa_find_ns+0x30/0x30 [ 35.312391] ? lock_acquire+0x1ed/0x520 [ 35.316349] ? __aa_lookupn_ns+0x570/0x570 [ 35.320577] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.326117] ? check_preemption_disabled+0x48/0x200 [ 35.331139] ? kasan_check_read+0x11/0x20 [ 35.335276] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 35.340537] ? print_usage_bug+0xc0/0xc0 [ 35.344587] ? rcu_bh_qs+0xc0/0xc0 [ 35.348114] ? print_usage_bug+0xc0/0xc0 [ 35.352173] aa_lookupn_ns+0x88/0x1e0 [ 35.355980] aa_fqlookupn_profile+0x1b9/0x1010 [ 35.360558] ? aa_lookup_profile+0x30/0x30 [ 35.364779] ? __lock_acquire+0x7ec/0x4ec0 [ 35.368998] ? noop_count+0x40/0x40 [ 35.372614] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.378137] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 35.383574] ? refcount_add_not_zero_checked+0x330/0x330 [ 35.389010] ? mark_held_locks+0x130/0x130 [ 35.393241] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.398782] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 35.404325] fqlookupn_profile+0x80/0xc0 [ 35.408387] aa_label_strn_parse+0xa3a/0x1230 [ 35.412874] ? aa_label_printk+0x850/0x850 [ 35.417097] ? do_raw_spin_unlock+0xa7/0x2f0 [ 35.421489] ? graph_lock+0x170/0x170 [ 35.425276] ? lockdep_on+0x50/0x50 [ 35.428891] ? graph_lock+0x170/0x170 [ 35.432681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.438207] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 35.443648] ? refcount_add_not_zero_checked+0x330/0x330 [ 35.449087] ? graph_lock+0x170/0x170 [ 35.452891] ? find_held_lock+0x36/0x1c0 [ 35.456940] aa_label_parse+0x42/0x50 [ 35.460731] aa_change_profile+0x513/0x3510 [ 35.465052] ? lock_acquire+0x1ed/0x520 [ 35.469016] ? 
aa_change_hat+0x1a20/0x1a20 [ 35.473250] ? is_bpf_text_address+0xd3/0x170 [ 35.477772] ? __mutex_lock+0x85e/0x1700 [ 35.481822] ? proc_pid_attr_write+0x28a/0x540 [ 35.486391] ? mutex_trylock+0x2b0/0x2b0 [ 35.490436] ? save_stack+0xa9/0xd0 [ 35.494060] ? save_stack+0x43/0xd0 [ 35.497671] ? kasan_kmalloc+0xc7/0xe0 [ 35.501575] ? __kmalloc_track_caller+0x14a/0x750 [ 35.506404] ? memdup_user+0x2c/0xa0 [ 35.510129] ? proc_pid_attr_write+0x198/0x540 [ 35.514715] ? graph_lock+0x170/0x170 [ 35.518510] ? __ia32_sys_write+0x71/0xb0 [ 35.522646] ? graph_lock+0x170/0x170 [ 35.526432] ? mark_held_locks+0x130/0x130 [ 35.530660] apparmor_setprocattr+0xaa4/0x1150 [ 35.535233] ? apparmor_task_kill+0xcb0/0xcb0 [ 35.539713] ? lock_downgrade+0x900/0x900 [ 35.543849] ? arch_local_save_flags+0x40/0x40 [ 35.548433] security_setprocattr+0x66/0xc0 [ 35.552777] proc_pid_attr_write+0x301/0x540 [ 35.557176] __vfs_write+0x119/0x9f0 [ 35.560965] ? check_preemption_disabled+0x48/0x200 [ 35.565966] ? proc_loginuid_write+0x4f0/0x4f0 [ 35.570537] ? kernel_read+0x120/0x120 [ 35.574506] ? __lock_is_held+0xb5/0x140 [ 35.578563] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.583572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.589126] ? __sb_start_write+0x1b2/0x370 [ 35.593438] vfs_write+0x1fc/0x560 [ 35.596982] ksys_write+0x101/0x260 [ 35.600594] ? __ia32_sys_read+0xb0/0xb0 [ 35.604642] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 35.610085] __ia32_sys_write+0x71/0xb0 [ 35.614051] do_fast_syscall_32+0x34d/0xfb2 [ 35.618373] ? do_int80_syscall_32+0x890/0x890 [ 35.622943] ? entry_SYSENTER_compat+0x68/0x7f [ 35.627511] ? trace_hardirqs_off_caller+0xbb/0x310 [ 35.632514] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.637339] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.642168] ? trace_hardirqs_on_caller+0x310/0x310 [ 35.647176] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 35.652179] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.657212] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 35.662049] entry_SYSENTER_compat+0x70/0x7f [ 35.666446] RIP: 0023:0xf7ff7ca9 [ 35.669802] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 35.688713] RSP: 002b:00000000fffabeac EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 35.696422] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100 [ 35.703676] RDX: 0000000000000009 RSI: 00000000fffabff4 RDI: 00000000fffabffc [ 35.710931] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 35.718187] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 35.725442] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 35.732703] [ 35.734310] The buggy address belongs to the page: [ 35.739226] page:ffffea0006dc21c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 35.747350] flags: 0x2fffc0000000000() [ 35.751225] raw: 02fffc0000000000 0000000000000000 ffffffff06dc0101 0000000000000000 [ 35.759092] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 35.766950] page dumped because: kasan: bad access detected [ 35.772636] [ 35.774243] Memory state around the buggy address: [ 35.779156] ffff8801b7087280: f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00 00 [ 35.786498] ffff8801b7087300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 35.793843] >ffff8801b7087380: 00 00 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 [ 35.801188] ^ [ 35.806101] ffff8801b7087400: f2 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 [ 35.813444] ffff8801b7087480: f2 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 35.820782] ================================================================== [ 35.828122] Disabling lock debugging due to kernel taint [ 35.834296] Kernel panic - not syncing: panic_on_warn set ... 
[ 35.834296] [ 35.842136] CPU: 1 PID: 5342 Comm: syz-executor768 Tainted: G B 4.19.0-rc5+ #155 [ 35.850954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.860291] Call Trace: [ 35.862866] dump_stack+0x1c4/0x2b4 [ 35.866478] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.871677] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 35.876421] panic+0x238/0x4e7 [ 35.879599] ? add_taint.cold.5+0x16/0x16 [ 35.883734] ? preempt_schedule+0x4d/0x60 [ 35.887883] ? ___preempt_schedule+0x16/0x18 [ 35.892305] ? trace_hardirqs_on+0xb4/0x310 [ 35.896616] kasan_end_report+0x47/0x4f [ 35.900578] kasan_report.cold.9+0x76/0x309 [ 35.904883] ? memcmp+0xe3/0x160 [ 35.908236] __asan_report_load1_noabort+0x14/0x20 [ 35.913151] memcmp+0xe3/0x160 [ 35.916326] strnstr+0x4b/0x70 [ 35.919505] __aa_lookupn_ns+0xc1/0x570 [ 35.923464] ? aa_find_ns+0x30/0x30 [ 35.927077] ? lock_acquire+0x1ed/0x520 [ 35.931033] ? __aa_lookupn_ns+0x570/0x570 [ 35.935256] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.940777] ? check_preemption_disabled+0x48/0x200 [ 35.945794] ? kasan_check_read+0x11/0x20 [ 35.949949] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 35.955214] ? print_usage_bug+0xc0/0xc0 [ 35.959261] ? rcu_bh_qs+0xc0/0xc0 [ 35.962785] ? print_usage_bug+0xc0/0xc0 [ 35.966834] aa_lookupn_ns+0x88/0x1e0 [ 35.970621] aa_fqlookupn_profile+0x1b9/0x1010 [ 35.975189] ? aa_lookup_profile+0x30/0x30 [ 35.979404] ? __lock_acquire+0x7ec/0x4ec0 [ 35.983620] ? noop_count+0x40/0x40 [ 35.987232] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.992761] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 35.998197] ? refcount_add_not_zero_checked+0x330/0x330 [ 36.003631] ? mark_held_locks+0x130/0x130 [ 36.007855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.013385] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 36.018910] fqlookupn_profile+0x80/0xc0 [ 36.022969] aa_label_strn_parse+0xa3a/0x1230 [ 36.027463] ? aa_label_printk+0x850/0x850 [ 36.031694] ? 
do_raw_spin_unlock+0xa7/0x2f0 [ 36.036086] ? graph_lock+0x170/0x170 [ 36.039891] ? lockdep_on+0x50/0x50 [ 36.043506] ? graph_lock+0x170/0x170 [ 36.047291] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.052815] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 36.058249] ? refcount_add_not_zero_checked+0x330/0x330 [ 36.063686] ? graph_lock+0x170/0x170 [ 36.067472] ? find_held_lock+0x36/0x1c0 [ 36.071517] aa_label_parse+0x42/0x50 [ 36.075313] aa_change_profile+0x513/0x3510 [ 36.079623] ? lock_acquire+0x1ed/0x520 [ 36.083584] ? aa_change_hat+0x1a20/0x1a20 [ 36.087813] ? is_bpf_text_address+0xd3/0x170 [ 36.092295] ? __mutex_lock+0x85e/0x1700 [ 36.096339] ? proc_pid_attr_write+0x28a/0x540 [ 36.100908] ? mutex_trylock+0x2b0/0x2b0 [ 36.104961] ? save_stack+0xa9/0xd0 [ 36.108572] ? save_stack+0x43/0xd0 [ 36.112189] ? kasan_kmalloc+0xc7/0xe0 [ 36.116090] ? __kmalloc_track_caller+0x14a/0x750 [ 36.120916] ? memdup_user+0x2c/0xa0 [ 36.124612] ? proc_pid_attr_write+0x198/0x540 [ 36.129182] ? graph_lock+0x170/0x170 [ 36.132966] ? __ia32_sys_write+0x71/0xb0 [ 36.137096] ? graph_lock+0x170/0x170 [ 36.140894] ? mark_held_locks+0x130/0x130 [ 36.145116] apparmor_setprocattr+0xaa4/0x1150 [ 36.149684] ? apparmor_task_kill+0xcb0/0xcb0 [ 36.154162] ? lock_downgrade+0x900/0x900 [ 36.158298] ? arch_local_save_flags+0x40/0x40 [ 36.162872] security_setprocattr+0x66/0xc0 [ 36.167180] proc_pid_attr_write+0x301/0x540 [ 36.171574] __vfs_write+0x119/0x9f0 [ 36.175272] ? check_preemption_disabled+0x48/0x200 [ 36.180272] ? proc_loginuid_write+0x4f0/0x4f0 [ 36.184840] ? kernel_read+0x120/0x120 [ 36.188725] ? __lock_is_held+0xb5/0x140 [ 36.192796] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.197799] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.203320] ? __sb_start_write+0x1b2/0x370 [ 36.207629] vfs_write+0x1fc/0x560 [ 36.211156] ksys_write+0x101/0x260 [ 36.214767] ? __ia32_sys_read+0xb0/0xb0 [ 36.218813] ? 
__bpf_trace_preemptirq_template+0x30/0x30 [ 36.224246] __ia32_sys_write+0x71/0xb0 [ 36.228215] do_fast_syscall_32+0x34d/0xfb2 [ 36.232536] ? do_int80_syscall_32+0x890/0x890 [ 36.237107] ? entry_SYSENTER_compat+0x68/0x7f [ 36.241676] ? trace_hardirqs_off_caller+0xbb/0x310 [ 36.246677] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.251504] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.256330] ? trace_hardirqs_on_caller+0x310/0x310 [ 36.261332] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 36.266331] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.271332] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.276161] entry_SYSENTER_compat+0x70/0x7f [ 36.280559] RIP: 0023:0xf7ff7ca9 [ 36.283909] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 36.302798] RSP: 002b:00000000fffabeac EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 36.310496] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100 [ 36.317776] RDX: 0000000000000009 RSI: 00000000fffabff4 RDI: 00000000fffabffc [ 36.325035] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 36.332291] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 36.339719] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 36.347946] Kernel Offset: disabled [ 36.351576] Rebooting in 86400 seconds..