[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   26.162296] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   29.174813] random: sshd: uninitialized urandom read (32 bytes read)
[   29.557990] random: sshd: uninitialized urandom read (32 bytes read)
[   30.190860] random: sshd: uninitialized urandom read (32 bytes read)
[   30.405096] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts.
[   36.009342] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
[   36.143231] audit: type=1400 audit(1537827375.259:2): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5392 comm="syz-executor375"
[   36.170548] audit: type=1400 audit(1537827375.289:3): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5393 comm="syz-executor375"
executing program
[   36.198702] audit: type=1400 audit(1537827375.319:4): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5394 comm="syz-executor375"
[   36.218522] ==================================================================
[   36.226004] BUG: KASAN: stack-out-of-bounds in memcmp+0xe3/0x160
[   36.232167] Read of size 1 at addr ffff8801d3e3f400 by task syz-executor375/5395
[   36.239684] 
[   36.241302] CPU: 1 PID: 5395 Comm: syz-executor375 Not tainted 4.19.0-rc5+ #252
[   36.248736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.258074] Call Trace:
[   36.260659]  dump_stack+0x1c4/0x2b4
[   36.264276]  ? dump_stack_print_info.cold.2+0x52/0x52
[   36.269459]  ? printk+0xa7/0xcf
[   36.272744]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   36.277495]  print_address_description.cold.8+0x9/0x1ff
[   36.282854]  kasan_report.cold.9+0x242/0x309
[   36.287263]  ? memcmp+0xe3/0x160
[   36.290621]  __asan_report_load1_noabort+0x14/0x20
[   36.295551]  memcmp+0xe3/0x160
[   36.298733]  strnstr+0x4b/0x70
[   36.301930]  __aa_lookupn_ns+0xc1/0x570
[   36.305909]  ? aa_find_ns+0x30/0x30
[   36.309544]  ? lock_acquire+0x1ed/0x520
[   36.313507]  ? __aa_lookupn_ns+0x570/0x570
[   36.317732]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.324040]  ? check_preemption_disabled+0x48/0x200
[   36.329047]  ? kasan_check_read+0x11/0x20
[   36.333197]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   36.338481]  ? rcu_bh_qs+0xc0/0xc0
[   36.342012]  ? print_usage_bug+0xc0/0xc0
[   36.346071]  aa_lookupn_ns+0x88/0x1e0
[   36.349862]  aa_fqlookupn_profile+0x1b9/0x1010
[   36.354438]  ? lru_cache_add+0x417/0xa50
[   36.358500]  ? aa_lookup_profile+0x30/0x30
[   36.362745]  ? __lock_acquire+0x7ec/0x4ec0
[   36.366974]  ? noop_count+0x40/0x40
[   36.370618]  ? rcu_bh_qs+0xc0/0xc0
[   36.374178]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.379706]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   36.385152]  ? refcount_add_not_zero_checked+0x330/0x330
[   36.390590]  ? mark_held_locks+0x130/0x130
[   36.394826]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.400365]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   36.405904]  fqlookupn_profile+0x80/0xc0
[   36.409970]  aa_label_strn_parse+0xa3a/0x1230
[   36.414460]  ? aa_label_printk+0x850/0x850
[   36.418687]  ? lockdep_on+0x50/0x50
[   36.422304]  ? graph_lock+0x170/0x170
[   36.426108]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.431667]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   36.437124]  ? refcount_add_not_zero_checked+0x330/0x330
[   36.442568]  ? graph_lock+0x170/0x170
[   36.446374]  ? find_held_lock+0x36/0x1c0
[   36.450433]  aa_label_parse+0x42/0x50
[   36.454225]  aa_change_profile+0x513/0x3510
[   36.458540]  ? lock_acquire+0x1ed/0x520
[   36.462505]  ? aa_change_hat+0x1a20/0x1a20
[   36.466741]  ? is_bpf_text_address+0xd3/0x170
[   36.471227]  ? __mutex_lock+0x85e/0x1700
[   36.475283]  ? proc_pid_attr_write+0x28a/0x540
[   36.479875]  ? mutex_trylock+0x2b0/0x2b0
[   36.483921]  ? save_stack+0xa9/0xd0
[   36.487546]  ? save_stack+0x43/0xd0
[   36.491167]  ? kasan_kmalloc+0xc7/0xe0
[   36.495041]  ? __kmalloc_track_caller+0x14a/0x750
[   36.499878]  ? proc_pid_attr_write+0x198/0x540
[   36.504451]  ? graph_lock+0x170/0x170
[   36.508258]  ? __x64_sys_write+0x73/0xb0
[   36.512322]  ? graph_lock+0x170/0x170
[   36.516108]  ? mark_held_locks+0x130/0x130
[   36.520333]  apparmor_setprocattr+0xa8b/0x1150
[   36.524918]  ? apparmor_task_kill+0xcb0/0xcb0
[   36.529409]  ? lock_downgrade+0x900/0x900
[   36.533545]  ? arch_local_save_flags+0x40/0x40
[   36.538132]  security_setprocattr+0x66/0xc0
[   36.542449]  proc_pid_attr_write+0x301/0x540
[   36.546847]  __vfs_write+0x119/0x9f0
[   36.550549]  ? check_preemption_disabled+0x48/0x200
[   36.555552]  ? proc_loginuid_write+0x4f0/0x4f0
[   36.560149]  ? kernel_read+0x120/0x120
[   36.564048]  ? __lock_is_held+0xb5/0x140
[   36.568102]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.573107]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.578640]  ? __sb_start_write+0x1b2/0x370
[   36.582961]  vfs_write+0x1fc/0x560
[   36.586492]  ksys_write+0x101/0x260
[   36.590106]  ? __ia32_sys_read+0xb0/0xb0
[   36.594171]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   36.599611]  __x64_sys_write+0x73/0xb0
[   36.603502]  do_syscall_64+0x1b9/0x820
[   36.607377]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   36.612743]  ? syscall_return_slowpath+0x5e0/0x5e0
[   36.617668]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.622516]  ? trace_hardirqs_on_caller+0x310/0x310
[   36.627520]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   36.632532]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.638053]  ? prepare_exit_to_usermode+0x291/0x3b0
[   36.643078]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.647914]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.653086] RIP: 0033:0x440d49
[   36.656276] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   36.675180] RSP: 002b:00007ffdbebce048 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[   36.682875] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49
[   36.690128] RDX: 0000000000000008 RSI: 0000000020000000 RDI: 0000000000000003
[   36.697389] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[   36.704663] R10: 00000000025b3880 R11: 0000000000000213 R12: 0000000000008d44
[   36.711921] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[   36.719186] 
[   36.720795] The buggy address belongs to the page:
[   36.725713] page:ffffea00074f8fc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   36.733848] flags: 0x2fffc0000000000()
[   36.737729] raw: 02fffc0000000000 0000000000000000 ffffffff074f0101 0000000000000000
[   36.745603] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   36.753470] page dumped because: kasan: bad access detected
[   36.759163] 
[   36.760784] Memory state around the buggy address:
[   36.765697]  ffff8801d3e3f300: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.773038]  ffff8801d3e3f380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   36.780392] >ffff8801d3e3f400: f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2
[   36.787746]                    ^
[   36.791098]  ffff8801d3e3f480: f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2
[   36.798438]  ffff8801d3e3f500: f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00
[   36.805776] ==================================================================
[   36.813113] Disabling lock debugging due to kernel taint
[   36.819488] Kernel panic - not syncing: panic_on_warn set ...
[   36.819488] 
[   36.826870] CPU: 1 PID: 5395 Comm: syz-executor375 Tainted: G    B             4.19.0-rc5+ #252
[   36.835691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.845052] Call Trace:
[   36.847644]  dump_stack+0x1c4/0x2b4
[   36.851258]  ? dump_stack_print_info.cold.2+0x52/0x52
[   36.856439]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   36.861182]  panic+0x238/0x4e7
[   36.864367]  ? add_taint.cold.5+0x16/0x16
[   36.868510]  ? preempt_schedule+0x4d/0x60
[   36.872661]  ? ___preempt_schedule+0x16/0x18
[   36.877150]  ? trace_hardirqs_on+0xb4/0x310
[   36.881464]  kasan_end_report+0x47/0x4f
[   36.885424]  kasan_report.cold.9+0x76/0x309
[   36.889730]  ? memcmp+0xe3/0x160
[   36.893088]  __asan_report_load1_noabort+0x14/0x20
[   36.898001]  memcmp+0xe3/0x160
[   36.901178]  strnstr+0x4b/0x70
[   36.904363]  __aa_lookupn_ns+0xc1/0x570
[   36.908326]  ? aa_find_ns+0x30/0x30
[   36.911937]  ? lock_acquire+0x1ed/0x520
[   36.915923]  ? __aa_lookupn_ns+0x570/0x570
[   36.920184]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.925706]  ? check_preemption_disabled+0x48/0x200
[   36.930707]  ? kasan_check_read+0x11/0x20
[   36.934862]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   36.940145]  ? rcu_bh_qs+0xc0/0xc0
[   36.943696]  ? print_usage_bug+0xc0/0xc0
[   36.947748]  aa_lookupn_ns+0x88/0x1e0
[   36.951537]  aa_fqlookupn_profile+0x1b9/0x1010
[   36.956102]  ? lru_cache_add+0x417/0xa50
[   36.960156]  ? aa_lookup_profile+0x30/0x30
[   36.964385]  ? __lock_acquire+0x7ec/0x4ec0
[   36.968618]  ? noop_count+0x40/0x40
[   36.972240]  ? rcu_bh_qs+0xc0/0xc0
[   36.975769]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.981292]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   36.986754]  ? refcount_add_not_zero_checked+0x330/0x330
[   36.992190]  ? mark_held_locks+0x130/0x130
[   36.996417]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.001947]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   37.007492]  fqlookupn_profile+0x80/0xc0
[   37.011545]  aa_label_strn_parse+0xa3a/0x1230
[   37.016134]  ? aa_label_printk+0x850/0x850
[   37.020455]  ? lockdep_on+0x50/0x50
[   37.024080]  ? graph_lock+0x170/0x170
[   37.027873]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.033395]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   37.038923]  ? refcount_add_not_zero_checked+0x330/0x330
[   37.044472]  ? graph_lock+0x170/0x170
[   37.048257]  ? find_held_lock+0x36/0x1c0
[   37.052306]  aa_label_parse+0x42/0x50
[   37.056101]  aa_change_profile+0x513/0x3510
[   37.060408]  ? lock_acquire+0x1ed/0x520
[   37.064373]  ? aa_change_hat+0x1a20/0x1a20
[   37.068599]  ? is_bpf_text_address+0xd3/0x170
[   37.073089]  ? __mutex_lock+0x85e/0x1700
[   37.077137]  ? proc_pid_attr_write+0x28a/0x540
[   37.081715]  ? mutex_trylock+0x2b0/0x2b0
[   37.085762]  ? save_stack+0xa9/0xd0
[   37.089370]  ? save_stack+0x43/0xd0
[   37.092987]  ? kasan_kmalloc+0xc7/0xe0
[   37.096863]  ? __kmalloc_track_caller+0x14a/0x750
[   37.101691]  ? proc_pid_attr_write+0x198/0x540
[   37.106337]  ? graph_lock+0x170/0x170
[   37.110129]  ? __x64_sys_write+0x73/0xb0
[   37.114185]  ? graph_lock+0x170/0x170
[   37.117968]  ? mark_held_locks+0x130/0x130
[   37.122195]  apparmor_setprocattr+0xa8b/0x1150
[   37.126783]  ? apparmor_task_kill+0xcb0/0xcb0
[   37.131279]  ? lock_downgrade+0x900/0x900
[   37.135420]  ? arch_local_save_flags+0x40/0x40
[   37.140003]  security_setprocattr+0x66/0xc0
[   37.144385]  proc_pid_attr_write+0x301/0x540
[   37.148890]  __vfs_write+0x119/0x9f0
[   37.152590]  ? check_preemption_disabled+0x48/0x200
[   37.157652]  ? proc_loginuid_write+0x4f0/0x4f0
[   37.162233]  ? kernel_read+0x120/0x120
[   37.166117]  ? __lock_is_held+0xb5/0x140
[   37.170168]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.175186]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.180717]  ? __sb_start_write+0x1b2/0x370
[   37.185028]  vfs_write+0x1fc/0x560
[   37.188565]  ksys_write+0x101/0x260
[   37.192204]  ? __ia32_sys_read+0xb0/0xb0
[   37.196367]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   37.201893]  __x64_sys_write+0x73/0xb0
[   37.205780]  do_syscall_64+0x1b9/0x820
[   37.209662]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   37.215015]  ? syscall_return_slowpath+0x5e0/0x5e0
[   37.219929]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.224764]  ? trace_hardirqs_on_caller+0x310/0x310
[   37.230002]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   37.235116]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.240747]  ? prepare_exit_to_usermode+0x291/0x3b0
[   37.245780]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.250632]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.255813] RIP: 0033:0x440d49
[   37.259056] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   37.277962] RSP: 002b:00007ffdbebce048 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[   37.285657] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49
[   37.292996] RDX: 0000000000000008 RSI: 0000000020000000 RDI: 0000000000000003
[   37.300256] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[   37.307553] R10: 00000000025b3880 R11: 0000000000000213 R12: 0000000000008d44
[   37.314816] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[   37.323045] Kernel Offset: disabled
[   37.326674] Rebooting in 86400 seconds..