[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 26.162296] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 29.174813] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.557990] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.190860] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.405096] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts.
[ 36.009342] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
[ 36.143231] audit: type=1400 audit(1537827375.259:2): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5392 comm="syz-executor375"
[ 36.170548] audit: type=1400 audit(1537827375.289:3): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5393 comm="syz-executor375"
executing program
[ 36.198702] audit: type=1400 audit(1537827375.319:4): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5394 comm="syz-executor375"
[ 36.218522] ==================================================================
[ 36.226004] BUG: KASAN: stack-out-of-bounds in memcmp+0xe3/0x160
[ 36.232167] Read of size 1 at addr ffff8801d3e3f400 by task syz-executor375/5395
[ 36.239684]
[ 36.241302] CPU: 1 PID: 5395 Comm: syz-executor375 Not tainted 4.19.0-rc5+ #252
[ 36.248736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.258074] Call Trace:
[ 36.260659] dump_stack+0x1c4/0x2b4
[ 36.264276] ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.269459] ? printk+0xa7/0xcf
[ 36.272744] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.277495] print_address_description.cold.8+0x9/0x1ff
[ 36.282854] kasan_report.cold.9+0x242/0x309
[ 36.287263] ? memcmp+0xe3/0x160
[ 36.290621] __asan_report_load1_noabort+0x14/0x20
[ 36.295551] memcmp+0xe3/0x160
[ 36.298733] strnstr+0x4b/0x70
[ 36.301930] __aa_lookupn_ns+0xc1/0x570
[ 36.305909] ? aa_find_ns+0x30/0x30
[ 36.309544] ? lock_acquire+0x1ed/0x520
[ 36.313507] ? __aa_lookupn_ns+0x570/0x570
[ 36.317732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.324040] ? check_preemption_disabled+0x48/0x200
[ 36.329047] ? kasan_check_read+0x11/0x20
[ 36.333197] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 36.338481] ? rcu_bh_qs+0xc0/0xc0
[ 36.342012] ? print_usage_bug+0xc0/0xc0
[ 36.346071] aa_lookupn_ns+0x88/0x1e0
[ 36.349862] aa_fqlookupn_profile+0x1b9/0x1010
[ 36.354438] ? lru_cache_add+0x417/0xa50
[ 36.358500] ? aa_lookup_profile+0x30/0x30
[ 36.362745] ? __lock_acquire+0x7ec/0x4ec0
[ 36.366974] ? noop_count+0x40/0x40
[ 36.370618] ? rcu_bh_qs+0xc0/0xc0
[ 36.374178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.379706] ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[ 36.385152] ? refcount_add_not_zero_checked+0x330/0x330
[ 36.390590] ? mark_held_locks+0x130/0x130
[ 36.394826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.400365] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 36.405904] fqlookupn_profile+0x80/0xc0
[ 36.409970] aa_label_strn_parse+0xa3a/0x1230
[ 36.414460] ? aa_label_printk+0x850/0x850
[ 36.418687] ? lockdep_on+0x50/0x50
[ 36.422304] ? graph_lock+0x170/0x170
[ 36.426108] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.431667] ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[ 36.437124] ? refcount_add_not_zero_checked+0x330/0x330
[ 36.442568] ? graph_lock+0x170/0x170
[ 36.446374] ? find_held_lock+0x36/0x1c0
[ 36.450433] aa_label_parse+0x42/0x50
[ 36.454225] aa_change_profile+0x513/0x3510
[ 36.458540] ? lock_acquire+0x1ed/0x520
[ 36.462505] ? aa_change_hat+0x1a20/0x1a20
[ 36.466741] ? is_bpf_text_address+0xd3/0x170
[ 36.471227] ? __mutex_lock+0x85e/0x1700
[ 36.475283] ? proc_pid_attr_write+0x28a/0x540
[ 36.479875] ? mutex_trylock+0x2b0/0x2b0
[ 36.483921] ? save_stack+0xa9/0xd0
[ 36.487546] ? save_stack+0x43/0xd0
[ 36.491167] ? kasan_kmalloc+0xc7/0xe0
[ 36.495041] ? __kmalloc_track_caller+0x14a/0x750
[ 36.499878] ? proc_pid_attr_write+0x198/0x540
[ 36.504451] ? graph_lock+0x170/0x170
[ 36.508258] ? __x64_sys_write+0x73/0xb0
[ 36.512322] ? graph_lock+0x170/0x170
[ 36.516108] ? mark_held_locks+0x130/0x130
[ 36.520333] apparmor_setprocattr+0xa8b/0x1150
[ 36.524918] ? apparmor_task_kill+0xcb0/0xcb0
[ 36.529409] ? lock_downgrade+0x900/0x900
[ 36.533545] ? arch_local_save_flags+0x40/0x40
[ 36.538132] security_setprocattr+0x66/0xc0
[ 36.542449] proc_pid_attr_write+0x301/0x540
[ 36.546847] __vfs_write+0x119/0x9f0
[ 36.550549] ? check_preemption_disabled+0x48/0x200
[ 36.555552] ? proc_loginuid_write+0x4f0/0x4f0
[ 36.560149] ? kernel_read+0x120/0x120
[ 36.564048] ? __lock_is_held+0xb5/0x140
[ 36.568102] ? rcu_read_lock_sched_held+0x108/0x120
[ 36.573107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.578640] ? __sb_start_write+0x1b2/0x370
[ 36.582961] vfs_write+0x1fc/0x560
[ 36.586492] ksys_write+0x101/0x260
[ 36.590106] ? __ia32_sys_read+0xb0/0xb0
[ 36.594171] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 36.599611] __x64_sys_write+0x73/0xb0
[ 36.603502] do_syscall_64+0x1b9/0x820
[ 36.607377] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.612743] ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.617668] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.622516] ? trace_hardirqs_on_caller+0x310/0x310
[ 36.627520] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.632532] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.638053] ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.643078] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.647914] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.653086] RIP: 0033:0x440d49
[ 36.656276] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 36.675180] RSP: 002b:00007ffdbebce048 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[ 36.682875] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49
[ 36.690128] RDX: 0000000000000008 RSI: 0000000020000000 RDI: 0000000000000003
[ 36.697389] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[ 36.704663] R10: 00000000025b3880 R11: 0000000000000213 R12: 0000000000008d44
[ 36.711921] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[ 36.719186]
[ 36.720795] The buggy address belongs to the page:
[ 36.725713] page:ffffea00074f8fc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 36.733848] flags: 0x2fffc0000000000()
[ 36.737729] raw: 02fffc0000000000 0000000000000000 ffffffff074f0101 0000000000000000
[ 36.745603] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 36.753470] page dumped because: kasan: bad access detected
[ 36.759163]
[ 36.760784] Memory state around the buggy address:
[ 36.765697] ffff8801d3e3f300: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.773038] ffff8801d3e3f380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 36.780392] >ffff8801d3e3f400: f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2
[ 36.787746] ^
[ 36.791098] ffff8801d3e3f480: f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2
[ 36.798438] ffff8801d3e3f500: f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00
[ 36.805776] ==================================================================
[ 36.813113] Disabling lock debugging due to kernel taint
[ 36.819488] Kernel panic - not syncing: panic_on_warn set ...
[ 36.819488]
[ 36.826870] CPU: 1 PID: 5395 Comm: syz-executor375 Tainted: G B 4.19.0-rc5+ #252
[ 36.835691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.845052] Call Trace:
[ 36.847644] dump_stack+0x1c4/0x2b4
[ 36.851258] ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.856439] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 36.861182] panic+0x238/0x4e7
[ 36.864367] ? add_taint.cold.5+0x16/0x16
[ 36.868510] ? preempt_schedule+0x4d/0x60
[ 36.872661] ? ___preempt_schedule+0x16/0x18
[ 36.877150] ? trace_hardirqs_on+0xb4/0x310
[ 36.881464] kasan_end_report+0x47/0x4f
[ 36.885424] kasan_report.cold.9+0x76/0x309
[ 36.889730] ? memcmp+0xe3/0x160
[ 36.893088] __asan_report_load1_noabort+0x14/0x20
[ 36.898001] memcmp+0xe3/0x160
[ 36.901178] strnstr+0x4b/0x70
[ 36.904363] __aa_lookupn_ns+0xc1/0x570
[ 36.908326] ? aa_find_ns+0x30/0x30
[ 36.911937] ? lock_acquire+0x1ed/0x520
[ 36.915923] ? __aa_lookupn_ns+0x570/0x570
[ 36.920184] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.925706] ? check_preemption_disabled+0x48/0x200
[ 36.930707] ? kasan_check_read+0x11/0x20
[ 36.934862] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 36.940145] ? rcu_bh_qs+0xc0/0xc0
[ 36.943696] ? print_usage_bug+0xc0/0xc0
[ 36.947748] aa_lookupn_ns+0x88/0x1e0
[ 36.951537] aa_fqlookupn_profile+0x1b9/0x1010
[ 36.956102] ? lru_cache_add+0x417/0xa50
[ 36.960156] ? aa_lookup_profile+0x30/0x30
[ 36.964385] ? __lock_acquire+0x7ec/0x4ec0
[ 36.968618] ? noop_count+0x40/0x40
[ 36.972240] ? rcu_bh_qs+0xc0/0xc0
[ 36.975769] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.981292] ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[ 36.986754] ? refcount_add_not_zero_checked+0x330/0x330
[ 36.992190] ? mark_held_locks+0x130/0x130
[ 36.996417] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.001947] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 37.007492] fqlookupn_profile+0x80/0xc0
[ 37.011545] aa_label_strn_parse+0xa3a/0x1230
[ 37.016134] ? aa_label_printk+0x850/0x850
[ 37.020455] ? lockdep_on+0x50/0x50
[ 37.024080] ? graph_lock+0x170/0x170
[ 37.027873] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.033395] ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[ 37.038923] ? refcount_add_not_zero_checked+0x330/0x330
[ 37.044472] ? graph_lock+0x170/0x170
[ 37.048257] ? find_held_lock+0x36/0x1c0
[ 37.052306] aa_label_parse+0x42/0x50
[ 37.056101] aa_change_profile+0x513/0x3510
[ 37.060408] ? lock_acquire+0x1ed/0x520
[ 37.064373] ? aa_change_hat+0x1a20/0x1a20
[ 37.068599] ? is_bpf_text_address+0xd3/0x170
[ 37.073089] ? __mutex_lock+0x85e/0x1700
[ 37.077137] ? proc_pid_attr_write+0x28a/0x540
[ 37.081715] ? mutex_trylock+0x2b0/0x2b0
[ 37.085762] ? save_stack+0xa9/0xd0
[ 37.089370] ? save_stack+0x43/0xd0
[ 37.092987] ? kasan_kmalloc+0xc7/0xe0
[ 37.096863] ? __kmalloc_track_caller+0x14a/0x750
[ 37.101691] ? proc_pid_attr_write+0x198/0x540
[ 37.106337] ? graph_lock+0x170/0x170
[ 37.110129] ? __x64_sys_write+0x73/0xb0
[ 37.114185] ? graph_lock+0x170/0x170
[ 37.117968] ? mark_held_locks+0x130/0x130
[ 37.122195] apparmor_setprocattr+0xa8b/0x1150
[ 37.126783] ? apparmor_task_kill+0xcb0/0xcb0
[ 37.131279] ? lock_downgrade+0x900/0x900
[ 37.135420] ? arch_local_save_flags+0x40/0x40
[ 37.140003] security_setprocattr+0x66/0xc0
[ 37.144385] proc_pid_attr_write+0x301/0x540
[ 37.148890] __vfs_write+0x119/0x9f0
[ 37.152590] ? check_preemption_disabled+0x48/0x200
[ 37.157652] ? proc_loginuid_write+0x4f0/0x4f0
[ 37.162233] ? kernel_read+0x120/0x120
[ 37.166117] ? __lock_is_held+0xb5/0x140
[ 37.170168] ? rcu_read_lock_sched_held+0x108/0x120
[ 37.175186] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.180717] ? __sb_start_write+0x1b2/0x370
[ 37.185028] vfs_write+0x1fc/0x560
[ 37.188565] ksys_write+0x101/0x260
[ 37.192204] ? __ia32_sys_read+0xb0/0xb0
[ 37.196367] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 37.201893] __x64_sys_write+0x73/0xb0
[ 37.205780] do_syscall_64+0x1b9/0x820
[ 37.209662] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.215015] ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.219929] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.224764] ? trace_hardirqs_on_caller+0x310/0x310
[ 37.230002] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.235116] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.240747] ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.245780] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.250632] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.255813] RIP: 0033:0x440d49
[ 37.259056] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 37.277962] RSP: 002b:00007ffdbebce048 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[ 37.285657] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49
[ 37.292996] RDX: 0000000000000008 RSI: 0000000020000000 RDI: 0000000000000003
[ 37.300256] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[ 37.307553] R10: 00000000025b3880 R11: 0000000000000213 R12: 0000000000008d44
[ 37.314816] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[ 37.323045] Kernel Offset: disabled
[ 37.326674] Rebooting in 86400 seconds..