[   24.086280] audit: type=1800 audit(1538331665.342:21): pid=5186 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[   24.114875] audit: type=1800 audit(1538331665.342:22): pid=5186 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   25.239342] sshd (5253) used greatest stack depth: 15496 bytes left
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.113' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
syzkaller login: [   33.938186] kauditd_printk_skb: 8 callbacks suppressed
[   33.938198] audit: type=1400 audit(1538331675.192:31): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5340 comm="syz-executor528"
[   33.964022] audit: type=1400 audit(1538331675.222:32): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5341 comm="syz-executor528"
executing program
executing program
[   33.984413] audit: type=1400 audit(1538331675.242:33): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5342 comm="syz-executor528"
[   34.004722] audit: type=1400 audit(1538331675.262:34): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5343 comm="syz-executor528"
executing program
executing program
executing program
[   34.024903] audit: type=1400 audit(1538331675.282:35): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5344 comm="syz-executor528"
[   34.045390] audit: type=1400 audit(1538331675.302:36): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5345 comm="syz-executor528"
[   34.065456] audit: type=1400 audit(1538331675.322:37): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5346 comm="syz-executor528"
executing program
executing program
[   34.085539] audit: type=1400 audit(1538331675.342:38): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5347 comm="syz-executor528"
[   34.105944] audit: type=1400 audit(1538331675.362:39): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5348 comm="syz-executor528"
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   34.126362] audit: type=1400 audit(1538331675.382:40): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5349 comm="syz-executor528"
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   34.207266] ==================================================================
[   34.214734] BUG: KASAN: stack-out-of-bounds in memcmp+0xe3/0x160
[   34.220870] Read of size 1 at addr ffff8801bb107400 by task syz-executor528/5366
[   34.228381] 
[   34.229994] CPU: 1 PID: 5366 Comm: syz-executor528 Not tainted 4.19.0-rc5+ #261
[   34.237439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.246787] Call Trace:
[   34.249367]  dump_stack+0x1c4/0x2b4
[   34.252985]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.258166]  ? printk+0xa7/0xcf
[   34.261431]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   34.266177]  print_address_description.cold.8+0x9/0x1ff
[   34.271530]  kasan_report.cold.9+0x242/0x309
[   34.275924]  ? memcmp+0xe3/0x160
[   34.279279]  __asan_report_load1_noabort+0x14/0x20
[   34.284203]  memcmp+0xe3/0x160
[   34.287386]  strnstr+0x4b/0x70
[   34.290568]  __aa_lookupn_ns+0xc1/0x570
[   34.294533]  ? aa_find_ns+0x30/0x30
[   34.298148]  ? lock_acquire+0x1ed/0x520
[   34.302107]  ? __aa_lookupn_ns+0x570/0x570
[   34.306328]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.311853]  ? check_preemption_disabled+0x48/0x200
[   34.316875]  ? kasan_check_read+0x11/0x20
[   34.321010]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   34.326278]  ? rcu_bh_qs+0xc0/0xc0
[   34.329807]  ? print_usage_bug+0xc0/0xc0
[   34.333863]  aa_lookupn_ns+0x88/0x1e0
[   34.337685]  aa_fqlookupn_profile+0x1b9/0x1010
[   34.342266]  ? lru_cache_add+0x417/0xa50
[   34.346316]  ? aa_lookup_profile+0x30/0x30
[   34.350551]  ? __lock_acquire+0x7ec/0x4ec0
[   34.354773]  ? noop_count+0x40/0x40
[   34.358384]  ? rcu_bh_qs+0xc0/0xc0
[   34.361916]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.367471]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   34.372921]  ? refcount_add_not_zero_checked+0x330/0x330
[   34.378373]  ? mark_held_locks+0x130/0x130
[   34.382598]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.388122]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.393650]  fqlookupn_profile+0x80/0xc0
[   34.397734]  aa_label_strn_parse+0xa3a/0x1230
[   34.402225]  ? aa_label_printk+0x850/0x850
[   34.406450]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[   34.412232]  ? kasan_check_read+0x11/0x20
[   34.416382]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   34.421660]  ? rcu_bh_qs+0xc0/0xc0
[   34.425186]  ? rcu_bh_qs+0xc0/0xc0
[   34.428729]  ? unwind_dump+0x190/0x190
[   34.432619]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.438145]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   34.443580]  ? refcount_add_not_zero_checked+0x330/0x330
[   34.449018]  ? unwind_get_return_address+0x61/0xa0
[   34.453952]  ? __save_stack_trace+0x8d/0xf0
[   34.458271]  aa_label_parse+0x42/0x50
[   34.462072]  aa_change_profile+0x513/0x3260
[   34.466393]  ? save_stack+0x43/0xd0
[   34.470006]  ? kasan_kmalloc+0xc7/0xe0
[   34.473896]  ? apparmor_setprocattr+0x2ab/0x1150
[   34.478644]  ? __vfs_write+0x119/0x9f0
[   34.482536]  ? ksys_write+0x1f1/0x260
[   34.486323]  ? do_syscall_64+0x1b9/0x820
[   34.490374]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.495741]  ? aa_change_hat+0x1890/0x1890
[   34.499971]  ? find_held_lock+0x36/0x1c0
[   34.504027]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.509554]  ? check_preemption_disabled+0x48/0x200
[   34.514555]  ? check_preemption_disabled+0x48/0x200
[   34.519561]  ? __lock_is_held+0xb5/0x140
[   34.523614]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.528632]  ? __kmalloc+0x5de/0x760
[   34.532334]  ? graph_lock+0x170/0x170
[   34.536135]  ? mark_held_locks+0x130/0x130
[   34.540361]  apparmor_setprocattr+0xa8b/0x1150
[   34.544944]  ? apparmor_task_kill+0xcb0/0xcb0
[   34.549425]  ? lock_downgrade+0x900/0x900
[   34.553561]  ? arch_local_save_flags+0x40/0x40
[   34.558144]  security_setprocattr+0x66/0xc0
[   34.562452]  proc_pid_attr_write+0x301/0x540
[   34.566848]  __vfs_write+0x119/0x9f0
[   34.570550]  ? check_preemption_disabled+0x48/0x200
[   34.575549]  ? proc_loginuid_write+0x4f0/0x4f0
[   34.580120]  ? kernel_read+0x120/0x120
[   34.583999]  ? __lock_is_held+0xb5/0x140
[   34.588070]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.593075]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.598598]  ? __sb_start_write+0x1b2/0x370
[   34.602939]  vfs_write+0x1fc/0x560
[   34.606467]  ksys_write+0x101/0x260
[   34.610081]  ? __ia32_sys_read+0xb0/0xb0
[   34.614131]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   34.619572]  __x64_sys_write+0x73/0xb0
[   34.623452]  do_syscall_64+0x1b9/0x820
[   34.627325]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.632682]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.637606]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.642435]  ? trace_hardirqs_on_caller+0x310/0x310
[   34.647441]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.652459]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.657984]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.662987]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.667960]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.673133] RIP: 0033:0x440d49
[   34.676310] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   34.695195] RSP: 002b:00007ffc1c490338 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[   34.702905] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49
[   34.710158] RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003
[   34.717409] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[   34.724662] R10: 00000000012ee880 R11: 0000000000000213 R12: 0000000000008588
[   34.731915] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[   34.739177] 
[   34.740788] The buggy address belongs to the page:
[   34.745710] page:ffffea0006ec41c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   34.753838] flags: 0x2fffc0000000000()
[   34.757728] raw: 02fffc0000000000 0000000000000000 ffffffff06ec0101 0000000000000000
[   34.765596] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   34.773454] page dumped because: kasan: bad access detected
[   34.779144] 
[   34.780756] Memory state around the buggy address:
[   34.785671]  ffff8801bb107300: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.793039]  ffff8801bb107380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   34.800393] >ffff8801bb107400: f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2
[   34.807745]                    ^
[   34.811098]  ffff8801bb107480: f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2
[   34.818683]  ffff8801bb107500: f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00
[   34.826050] ==================================================================
[   34.833392] Disabling lock debugging due to kernel taint
[   34.840238] Kernel panic - not syncing: panic_on_warn set ...
[   34.840238] 
[   34.847618] CPU: 1 PID: 5366 Comm: syz-executor528 Tainted: G    B             4.19.0-rc5+ #261
[   34.856433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.865769] Call Trace:
[   34.868342]  dump_stack+0x1c4/0x2b4
[   34.871955]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.877131]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   34.881873]  panic+0x238/0x4e7
[   34.885048]  ? add_taint.cold.5+0x16/0x16
[   34.889385]  ? preempt_schedule+0x4d/0x60
[   34.893532]  ? ___preempt_schedule+0x16/0x18
[   34.897925]  ? trace_hardirqs_on+0xb4/0x310
[   34.902232]  kasan_end_report+0x47/0x4f
[   34.906191]  kasan_report.cold.9+0x76/0x309
[   34.910495]  ? memcmp+0xe3/0x160
[   34.913845]  __asan_report_load1_noabort+0x14/0x20
[   34.918775]  memcmp+0xe3/0x160
[   34.921957]  strnstr+0x4b/0x70
[   34.925134]  __aa_lookupn_ns+0xc1/0x570
[   34.929092]  ? aa_find_ns+0x30/0x30
[   34.932710]  ? lock_acquire+0x1ed/0x520
[   34.936670]  ? __aa_lookupn_ns+0x570/0x570
[   34.940924]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.946450]  ? check_preemption_disabled+0x48/0x200
[   34.951452]  ? kasan_check_read+0x11/0x20
[   34.955587]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   34.960857]  ? rcu_bh_qs+0xc0/0xc0
[   34.964383]  ? print_usage_bug+0xc0/0xc0
[   34.968461]  aa_lookupn_ns+0x88/0x1e0
[   34.972245]  aa_fqlookupn_profile+0x1b9/0x1010
[   34.976812]  ? lru_cache_add+0x417/0xa50
[   34.980861]  ? aa_lookup_profile+0x30/0x30
[   34.985078]  ? __lock_acquire+0x7ec/0x4ec0
[   34.989296]  ? noop_count+0x40/0x40
[   34.992907]  ? rcu_bh_qs+0xc0/0xc0
[   34.996435]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.001956]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   35.007391]  ? refcount_add_not_zero_checked+0x330/0x330
[   35.012825]  ? mark_held_locks+0x130/0x130
[   35.017044]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.022576]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   35.028100]  fqlookupn_profile+0x80/0xc0
[   35.032151]  aa_label_strn_parse+0xa3a/0x1230
[   35.036637]  ? aa_label_printk+0x850/0x850
[   35.040861]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[   35.046639]  ? kasan_check_read+0x11/0x20
[   35.050771]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   35.056033]  ? rcu_bh_qs+0xc0/0xc0
[   35.059556]  ? rcu_bh_qs+0xc0/0xc0
[   35.063083]  ? unwind_dump+0x190/0x190
[   35.066956]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.072487]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   35.077949]  ? refcount_add_not_zero_checked+0x330/0x330
[   35.083396]  ? unwind_get_return_address+0x61/0xa0
[   35.088316]  ? __save_stack_trace+0x8d/0xf0
[   35.092627]  aa_label_parse+0x42/0x50
[   35.096415]  aa_change_profile+0x513/0x3260
[   35.100724]  ? save_stack+0x43/0xd0
[   35.104346]  ? kasan_kmalloc+0xc7/0xe0
[   35.108218]  ? apparmor_setprocattr+0x2ab/0x1150
[   35.112957]  ? __vfs_write+0x119/0x9f0
[   35.116826]  ? ksys_write+0x1f1/0x260
[   35.120610]  ? do_syscall_64+0x1b9/0x820
[   35.124654]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.130001]  ? aa_change_hat+0x1890/0x1890
[   35.134218]  ? find_held_lock+0x36/0x1c0
[   35.138279]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.143822]  ? check_preemption_disabled+0x48/0x200
[   35.148822]  ? check_preemption_disabled+0x48/0x200
[   35.153838]  ? __lock_is_held+0xb5/0x140
[   35.157890]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.162890]  ? __kmalloc+0x5de/0x760
[   35.166599]  ? graph_lock+0x170/0x170
[   35.170389]  ? mark_held_locks+0x130/0x130
[   35.174627]  apparmor_setprocattr+0xa8b/0x1150
[   35.179198]  ? apparmor_task_kill+0xcb0/0xcb0
[   35.183677]  ? lock_downgrade+0x900/0x900
[   35.187817]  ? arch_local_save_flags+0x40/0x40
[   35.192394]  security_setprocattr+0x66/0xc0
[   35.196711]  proc_pid_attr_write+0x301/0x540
[   35.201125]  __vfs_write+0x119/0x9f0
[   35.204827]  ? check_preemption_disabled+0x48/0x200
[   35.209830]  ? proc_loginuid_write+0x4f0/0x4f0
[   35.214398]  ? kernel_read+0x120/0x120
[   35.218277]  ? __lock_is_held+0xb5/0x140
[   35.222327]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.227330]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.232852]  ? __sb_start_write+0x1b2/0x370
[   35.237173]  vfs_write+0x1fc/0x560
[   35.240716]  ksys_write+0x101/0x260
[   35.244346]  ? __ia32_sys_read+0xb0/0xb0
[   35.248395]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   35.253847]  __x64_sys_write+0x73/0xb0
[   35.257742]  do_syscall_64+0x1b9/0x820
[   35.261632]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   35.266980]  ? syscall_return_slowpath+0x5e0/0x5e0
[   35.271912]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.276749]  ? trace_hardirqs_on_caller+0x310/0x310
[   35.281753]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   35.286766]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.292287]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.297288]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.302133]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.307304] RIP: 0033:0x440d49
[   35.310481] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   35.329366] RSP: 002b:00007ffc1c490338 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[   35.337076] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49
[   35.344329] RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003
[   35.351585] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[   35.358837] R10: 00000000012ee880 R11: 0000000000000213 R12: 0000000000008588
[   35.366090] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
[   35.374270] Kernel Offset: disabled
[   35.377892] Rebooting in 86400 seconds..