[ 24.086280] audit: type=1800 audit(1538331665.342:21): pid=5186 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [ 24.114875] audit: type=1800 audit(1538331665.342:22): pid=5186 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0 [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ 25.239342] sshd (5253) used greatest stack depth: 15496 bytes left [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.113' (ECDSA) to the list of known hosts. executing program executing program executing program syzkaller login: [ 33.938186] kauditd_printk_skb: 8 callbacks suppressed [ 33.938198] audit: type=1400 audit(1538331675.192:31): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5340 comm="syz-executor528" [ 33.964022] audit: type=1400 audit(1538331675.222:32): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5341 comm="syz-executor528" executing program executing program [ 33.984413] audit: type=1400 audit(1538331675.242:33): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5342 comm="syz-executor528" [ 34.004722] audit: type=1400 audit(1538331675.262:34): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5343 comm="syz-executor528" executing program executing program executing program [ 34.024903] audit: type=1400 audit(1538331675.282:35): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5344
comm="syz-executor528" [ 34.045390] audit: type=1400 audit(1538331675.302:36): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5345 comm="syz-executor528" [ 34.065456] audit: type=1400 audit(1538331675.322:37): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5346 comm="syz-executor528" executing program executing program [ 34.085539] audit: type=1400 audit(1538331675.342:38): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5347 comm="syz-executor528" [ 34.105944] audit: type=1400 audit(1538331675.362:39): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5348 comm="syz-executor528" executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 34.126362] audit: type=1400 audit(1538331675.382:40): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5349 comm="syz-executor528" executing program executing program executing program executing program executing program executing program executing program [ 34.207266] ================================================================== [ 34.214734] BUG: KASAN: stack-out-of-bounds in memcmp+0xe3/0x160 [ 34.220870] Read of size 1 at addr ffff8801bb107400 by task syz-executor528/5366 [ 34.228381] [ 34.229994] CPU: 1 PID: 5366 Comm: syz-executor528 Not tainted 4.19.0-rc5+ #261 [ 34.237439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.246787] Call Trace: [ 34.249367] dump_stack+0x1c4/0x2b4 [ 34.252985] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.258166] ? printk+0xa7/0xcf [ 34.261431] ? 
kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.266177] print_address_description.cold.8+0x9/0x1ff [ 34.271530] kasan_report.cold.9+0x242/0x309 [ 34.275924] ? memcmp+0xe3/0x160 [ 34.279279] __asan_report_load1_noabort+0x14/0x20 [ 34.284203] memcmp+0xe3/0x160 [ 34.287386] strnstr+0x4b/0x70 [ 34.290568] __aa_lookupn_ns+0xc1/0x570 [ 34.294533] ? aa_find_ns+0x30/0x30 [ 34.298148] ? lock_acquire+0x1ed/0x520 [ 34.302107] ? __aa_lookupn_ns+0x570/0x570 [ 34.306328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.311853] ? check_preemption_disabled+0x48/0x200 [ 34.316875] ? kasan_check_read+0x11/0x20 [ 34.321010] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 34.326278] ? rcu_bh_qs+0xc0/0xc0 [ 34.329807] ? print_usage_bug+0xc0/0xc0 [ 34.333863] aa_lookupn_ns+0x88/0x1e0 [ 34.337685] aa_fqlookupn_profile+0x1b9/0x1010 [ 34.342266] ? lru_cache_add+0x417/0xa50 [ 34.346316] ? aa_lookup_profile+0x30/0x30 [ 34.350551] ? __lock_acquire+0x7ec/0x4ec0 [ 34.354773] ? noop_count+0x40/0x40 [ 34.358384] ? rcu_bh_qs+0xc0/0xc0 [ 34.361916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.367471] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 34.372921] ? refcount_add_not_zero_checked+0x330/0x330 [ 34.378373] ? mark_held_locks+0x130/0x130 [ 34.382598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.388122] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 34.393650] fqlookupn_profile+0x80/0xc0 [ 34.397734] aa_label_strn_parse+0xa3a/0x1230 [ 34.402225] ? aa_label_printk+0x850/0x850 [ 34.406450] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 34.412232] ? kasan_check_read+0x11/0x20 [ 34.416382] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 34.421660] ? rcu_bh_qs+0xc0/0xc0 [ 34.425186] ? rcu_bh_qs+0xc0/0xc0 [ 34.428729] ? unwind_dump+0x190/0x190 [ 34.432619] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.438145] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 34.443580] ? refcount_add_not_zero_checked+0x330/0x330 [ 34.449018] ? unwind_get_return_address+0x61/0xa0 [ 34.453952] ? 
__save_stack_trace+0x8d/0xf0 [ 34.458271] aa_label_parse+0x42/0x50 [ 34.462072] aa_change_profile+0x513/0x3260 [ 34.466393] ? save_stack+0x43/0xd0 [ 34.470006] ? kasan_kmalloc+0xc7/0xe0 [ 34.473896] ? apparmor_setprocattr+0x2ab/0x1150 [ 34.478644] ? __vfs_write+0x119/0x9f0 [ 34.482536] ? ksys_write+0x1f1/0x260 [ 34.486323] ? do_syscall_64+0x1b9/0x820 [ 34.490374] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.495741] ? aa_change_hat+0x1890/0x1890 [ 34.499971] ? find_held_lock+0x36/0x1c0 [ 34.504027] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.509554] ? check_preemption_disabled+0x48/0x200 [ 34.514555] ? check_preemption_disabled+0x48/0x200 [ 34.519561] ? __lock_is_held+0xb5/0x140 [ 34.523614] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.528632] ? __kmalloc+0x5de/0x760 [ 34.532334] ? graph_lock+0x170/0x170 [ 34.536135] ? mark_held_locks+0x130/0x130 [ 34.540361] apparmor_setprocattr+0xa8b/0x1150 [ 34.544944] ? apparmor_task_kill+0xcb0/0xcb0 [ 34.549425] ? lock_downgrade+0x900/0x900 [ 34.553561] ? arch_local_save_flags+0x40/0x40 [ 34.558144] security_setprocattr+0x66/0xc0 [ 34.562452] proc_pid_attr_write+0x301/0x540 [ 34.566848] __vfs_write+0x119/0x9f0 [ 34.570550] ? check_preemption_disabled+0x48/0x200 [ 34.575549] ? proc_loginuid_write+0x4f0/0x4f0 [ 34.580120] ? kernel_read+0x120/0x120 [ 34.583999] ? __lock_is_held+0xb5/0x140 [ 34.588070] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.593075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.598598] ? __sb_start_write+0x1b2/0x370 [ 34.602939] vfs_write+0x1fc/0x560 [ 34.606467] ksys_write+0x101/0x260 [ 34.610081] ? __ia32_sys_read+0xb0/0xb0 [ 34.614131] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 34.619572] __x64_sys_write+0x73/0xb0 [ 34.623452] do_syscall_64+0x1b9/0x820 [ 34.627325] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.632682] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.637606] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.642435] ? trace_hardirqs_on_caller+0x310/0x310 [ 34.647441] ? 
prepare_exit_to_usermode+0x3b0/0x3b0 [ 34.652459] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.657984] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.662987] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.667960] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.673133] RIP: 0033:0x440d49 [ 34.676310] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 34.695195] RSP: 002b:00007ffc1c490338 EFLAGS: 00000213 ORIG_RAX: 0000000000000001 [ 34.702905] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49 [ 34.710158] RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003 [ 34.717409] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8 [ 34.724662] R10: 00000000012ee880 R11: 0000000000000213 R12: 0000000000008588 [ 34.731915] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000 [ 34.739177] [ 34.740788] The buggy address belongs to the page: [ 34.745710] page:ffffea0006ec41c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 34.753838] flags: 0x2fffc0000000000() [ 34.757728] raw: 02fffc0000000000 0000000000000000 ffffffff06ec0101 0000000000000000 [ 34.765596] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 34.773454] page dumped because: kasan: bad access detected [ 34.779144] [ 34.780756] Memory state around the buggy address: [ 34.785671] ffff8801bb107300: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.793039] ffff8801bb107380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 34.800393] >ffff8801bb107400: f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 [ 34.807745] ^ [ 34.811098] ffff8801bb107480: f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 [ 34.818683] ffff8801bb107500: f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 [ 34.826050] ================================================================== [ 34.833392] Disabling lock debugging due 
to kernel taint [ 34.840238] Kernel panic - not syncing: panic_on_warn set ... [ 34.840238] [ 34.847618] CPU: 1 PID: 5366 Comm: syz-executor528 Tainted: G B 4.19.0-rc5+ #261 [ 34.856433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.865769] Call Trace: [ 34.868342] dump_stack+0x1c4/0x2b4 [ 34.871955] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.877131] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 34.881873] panic+0x238/0x4e7 [ 34.885048] ? add_taint.cold.5+0x16/0x16 [ 34.889385] ? preempt_schedule+0x4d/0x60 [ 34.893532] ? ___preempt_schedule+0x16/0x18 [ 34.897925] ? trace_hardirqs_on+0xb4/0x310 [ 34.902232] kasan_end_report+0x47/0x4f [ 34.906191] kasan_report.cold.9+0x76/0x309 [ 34.910495] ? memcmp+0xe3/0x160 [ 34.913845] __asan_report_load1_noabort+0x14/0x20 [ 34.918775] memcmp+0xe3/0x160 [ 34.921957] strnstr+0x4b/0x70 [ 34.925134] __aa_lookupn_ns+0xc1/0x570 [ 34.929092] ? aa_find_ns+0x30/0x30 [ 34.932710] ? lock_acquire+0x1ed/0x520 [ 34.936670] ? __aa_lookupn_ns+0x570/0x570 [ 34.940924] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.946450] ? check_preemption_disabled+0x48/0x200 [ 34.951452] ? kasan_check_read+0x11/0x20 [ 34.955587] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 34.960857] ? rcu_bh_qs+0xc0/0xc0 [ 34.964383] ? print_usage_bug+0xc0/0xc0 [ 34.968461] aa_lookupn_ns+0x88/0x1e0 [ 34.972245] aa_fqlookupn_profile+0x1b9/0x1010 [ 34.976812] ? lru_cache_add+0x417/0xa50 [ 34.980861] ? aa_lookup_profile+0x30/0x30 [ 34.985078] ? __lock_acquire+0x7ec/0x4ec0 [ 34.989296] ? noop_count+0x40/0x40 [ 34.992907] ? rcu_bh_qs+0xc0/0xc0 [ 34.996435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.001956] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 35.007391] ? refcount_add_not_zero_checked+0x330/0x330 [ 35.012825] ? mark_held_locks+0x130/0x130 [ 35.017044] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.022576] ? 
__sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 35.028100] fqlookupn_profile+0x80/0xc0 [ 35.032151] aa_label_strn_parse+0xa3a/0x1230 [ 35.036637] ? aa_label_printk+0x850/0x850 [ 35.040861] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 35.046639] ? kasan_check_read+0x11/0x20 [ 35.050771] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 35.056033] ? rcu_bh_qs+0xc0/0xc0 [ 35.059556] ? rcu_bh_qs+0xc0/0xc0 [ 35.063083] ? unwind_dump+0x190/0x190 [ 35.066956] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.072487] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 35.077949] ? refcount_add_not_zero_checked+0x330/0x330 [ 35.083396] ? unwind_get_return_address+0x61/0xa0 [ 35.088316] ? __save_stack_trace+0x8d/0xf0 [ 35.092627] aa_label_parse+0x42/0x50 [ 35.096415] aa_change_profile+0x513/0x3260 [ 35.100724] ? save_stack+0x43/0xd0 [ 35.104346] ? kasan_kmalloc+0xc7/0xe0 [ 35.108218] ? apparmor_setprocattr+0x2ab/0x1150 [ 35.112957] ? __vfs_write+0x119/0x9f0 [ 35.116826] ? ksys_write+0x1f1/0x260 [ 35.120610] ? do_syscall_64+0x1b9/0x820 [ 35.124654] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.130001] ? aa_change_hat+0x1890/0x1890 [ 35.134218] ? find_held_lock+0x36/0x1c0 [ 35.138279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.143822] ? check_preemption_disabled+0x48/0x200 [ 35.148822] ? check_preemption_disabled+0x48/0x200 [ 35.153838] ? __lock_is_held+0xb5/0x140 [ 35.157890] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.162890] ? __kmalloc+0x5de/0x760 [ 35.166599] ? graph_lock+0x170/0x170 [ 35.170389] ? mark_held_locks+0x130/0x130 [ 35.174627] apparmor_setprocattr+0xa8b/0x1150 [ 35.179198] ? apparmor_task_kill+0xcb0/0xcb0 [ 35.183677] ? lock_downgrade+0x900/0x900 [ 35.187817] ? arch_local_save_flags+0x40/0x40 [ 35.192394] security_setprocattr+0x66/0xc0 [ 35.196711] proc_pid_attr_write+0x301/0x540 [ 35.201125] __vfs_write+0x119/0x9f0 [ 35.204827] ? check_preemption_disabled+0x48/0x200 [ 35.209830] ? proc_loginuid_write+0x4f0/0x4f0 [ 35.214398] ? 
kernel_read+0x120/0x120 [ 35.218277] ? __lock_is_held+0xb5/0x140 [ 35.222327] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.227330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.232852] ? __sb_start_write+0x1b2/0x370 [ 35.237173] vfs_write+0x1fc/0x560 [ 35.240716] ksys_write+0x101/0x260 [ 35.244346] ? __ia32_sys_read+0xb0/0xb0 [ 35.248395] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 35.253847] __x64_sys_write+0x73/0xb0 [ 35.257742] do_syscall_64+0x1b9/0x820 [ 35.261632] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.266980] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.271912] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.276749] ? trace_hardirqs_on_caller+0x310/0x310 [ 35.281753] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 35.286766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.292287] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.297288] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.302133] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.307304] RIP: 0033:0x440d49 [ 35.310481] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 35.329366] RSP: 002b:00007ffc1c490338 EFLAGS: 00000213 ORIG_RAX: 0000000000000001 [ 35.337076] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49 [ 35.344329] RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003 [ 35.351585] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8 [ 35.358837] R10: 00000000012ee880 R11: 0000000000000213 R12: 0000000000008588 [ 35.366090] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000 [ 35.374270] Kernel Offset: disabled [ 35.377892] Rebooting in 86400 seconds..