[....] Starting OpenBSD Secure Shell server: sshd
[   25.058587] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   28.910018] random: sshd: uninitialized urandom read (32 bytes read)
[   29.287550] sshd (5315) used greatest stack depth: 16584 bytes left
[   29.309767] random: sshd: uninitialized urandom read (32 bytes read)
[   29.910546] random: sshd: uninitialized urandom read (32 bytes read)
[   30.116103] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts.
[   35.692028] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
[   35.811875] audit: type=1400 audit(1537748192.429:2): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5332 comm="syz-executor271"
[   35.831291] audit: type=1400 audit(1537748192.449:3): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5333 comm="syz-executor271"
executing program
[   35.850476] audit: type=1400 audit(1537748192.469:4): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5334 comm="syz-executor271"
[   35.870231] ==================================================================
[   35.877677] BUG: KASAN: stack-out-of-bounds in memcmp+0xe3/0x160
[   35.883805] Read of size 1 at addr ffff8801bae5f3b0 by task syz-executor271/5335
[   35.891317] 
[   35.892939] CPU: 0 PID: 5335 Comm: syz-executor271 Not tainted 4.19.0-rc5+ #154
[   35.900496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.909835] Call Trace:
[   35.912514]  dump_stack+0x1c4/0x2b4
[   35.916137]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.921382]  ? printk+0xa7/0xcf
[   35.924657]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   35.929407]  print_address_description.cold.8+0x9/0x1ff
[   35.934808]  kasan_report.cold.9+0x242/0x309
[   35.939218]  ? memcmp+0xe3/0x160
[   35.942589]  __asan_report_load1_noabort+0x14/0x20
[   35.947504]  memcmp+0xe3/0x160
[   35.950682]  strnstr+0x4b/0x70
[   35.953867]  __aa_lookupn_ns+0xc1/0x570
[   35.958022]  ? aa_find_ns+0x30/0x30
[   35.961648]  ? lock_acquire+0x1ed/0x520
[   35.965616]  ? __aa_lookupn_ns+0x570/0x570
[   35.969843]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.975370]  ? check_preemption_disabled+0x48/0x200
[   35.980374]  ? kasan_check_read+0x11/0x20
[   35.984515]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   35.989777]  ? print_usage_bug+0xc0/0xc0
[   35.993826]  ? rcu_bh_qs+0xc0/0xc0
[   35.997357]  ? print_usage_bug+0xc0/0xc0
[   36.001408]  aa_lookupn_ns+0x88/0x1e0
[   36.005199]  aa_fqlookupn_profile+0x1b9/0x1010
[   36.009770]  ? aa_lookup_profile+0x30/0x30
[   36.013991]  ? __lock_acquire+0x7ec/0x4ec0
[   36.018211]  ? noop_count+0x40/0x40
[   36.021832]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.027358]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   36.032800]  ? refcount_add_not_zero_checked+0x330/0x330
[   36.038263]  ? mark_held_locks+0x130/0x130
[   36.042502]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.048047]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   36.053597]  fqlookupn_profile+0x80/0xc0
[   36.057658]  aa_label_strn_parse+0xa3a/0x1230
[   36.062151]  ? aa_label_printk+0x850/0x850
[   36.066374]  ? do_raw_spin_unlock+0xa7/0x2f0
[   36.070767]  ? graph_lock+0x170/0x170
[   36.074554]  ? lockdep_on+0x50/0x50
[   36.078179]  ? graph_lock+0x170/0x170
[   36.081980]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.087509]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   36.092953]  ? refcount_add_not_zero_checked+0x330/0x330
[   36.098391]  ? graph_lock+0x170/0x170
[   36.102177]  ? find_held_lock+0x36/0x1c0
[   36.106228]  aa_label_parse+0x42/0x50
[   36.110019]  aa_change_profile+0x513/0x3510
[   36.114721]  ? lock_acquire+0x1ed/0x520
[   36.118688]  ? aa_change_hat+0x1a20/0x1a20
[   36.123030]  ? is_bpf_text_address+0xd3/0x170
[   36.127518]  ? __mutex_lock+0x85e/0x1700
[   36.131567]  ? proc_pid_attr_write+0x28a/0x540
[   36.136140]  ? mutex_trylock+0x2b0/0x2b0
[   36.140296]  ? save_stack+0xa9/0xd0
[   36.143912]  ? save_stack+0x43/0xd0
[   36.147532]  ? kasan_kmalloc+0xc7/0xe0
[   36.151404]  ? __kmalloc_track_caller+0x14a/0x750
[   36.156234]  ? memdup_user+0x2c/0xa0
[   36.159952]  ? proc_pid_attr_write+0x198/0x540
[   36.164528]  ? graph_lock+0x170/0x170
[   36.168320]  ? __ia32_sys_write+0x71/0xb0
[   36.172462]  ? graph_lock+0x170/0x170
[   36.176251]  ? mark_held_locks+0x130/0x130
[   36.180476]  apparmor_setprocattr+0xaa4/0x1150
[   36.185052]  ? apparmor_task_kill+0xcb0/0xcb0
[   36.189534]  ? lock_downgrade+0x900/0x900
[   36.193669]  ? arch_local_save_flags+0x40/0x40
[   36.198254]  security_setprocattr+0x66/0xc0
[   36.202563]  proc_pid_attr_write+0x301/0x540
[   36.206965]  __vfs_write+0x119/0x9f0
[   36.210665]  ? check_preemption_disabled+0x48/0x200
[   36.215669]  ? proc_loginuid_write+0x4f0/0x4f0
[   36.220296]  ? kernel_read+0x120/0x120
[   36.224180]  ? __lock_is_held+0xb5/0x140
[   36.228239]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.233248]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.238772]  ? __sb_start_write+0x1b2/0x370
[   36.243082]  vfs_write+0x1fc/0x560
[   36.246617]  ksys_write+0x101/0x260
[   36.250236]  ? __ia32_sys_read+0xb0/0xb0
[   36.254287]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   36.259729]  __ia32_sys_write+0x71/0xb0
[   36.263692]  do_fast_syscall_32+0x34d/0xfb2
[   36.268013]  ? do_int80_syscall_32+0x890/0x890
[   36.272588]  ? entry_SYSENTER_compat+0x68/0x7f
[   36.277160]  ? trace_hardirqs_off_caller+0xbb/0x310
[   36.282223]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.287065]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.291995]  ? trace_hardirqs_on_caller+0x310/0x310
[   36.297008]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   36.302012]  ? prepare_exit_to_usermode+0x291/0x3b0
[   36.307027]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.311875]  entry_SYSENTER_compat+0x70/0x7f
[   36.316270] RIP: 0023:0xf7f9fca9
[   36.319669] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   36.338644] RSP: 002b:00000000ffd1b0ec EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[   36.346347] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[   36.353603] RDX: 0000000000000009 RSI: 00000000ffd1b234 RDI: 00000000ffd1b23c
[   36.360863] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   36.368228] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   36.375497] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   36.382771] 
[   36.384395] The buggy address belongs to the page:
[   36.389309] page:ffffea0006eb97c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   36.397435] flags: 0x2fffc0000000000()
[   36.401317] raw: 02fffc0000000000 0000000000000000 ffffffff06eb0101 0000000000000000
[   36.409198] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   36.417072] page dumped because: kasan: bad access detected
[   36.422760] 
[   36.424369] Memory state around the buggy address:
[   36.429293]  ffff8801bae5f280: f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00 00
[   36.436757]  ffff8801bae5f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   36.444109] >ffff8801bae5f380: 00 00 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2 f2 f2
[   36.451568]                                     ^
[   36.456492]  ffff8801bae5f400: f2 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2
[   36.463848]  ffff8801bae5f480: f2 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[   36.471186] ==================================================================
[   36.478522] Disabling lock debugging due to kernel taint
[   36.484510] Kernel panic - not syncing: panic_on_warn set ...
[   36.484510] 
[   36.491885] CPU: 0 PID: 5335 Comm: syz-executor271 Tainted: G    B             4.19.0-rc5+ #154
[   36.500744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.510085] Call Trace:
[   36.512660]  dump_stack+0x1c4/0x2b4
[   36.516271]  ? dump_stack_print_info.cold.2+0x52/0x52
[   36.521451]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   36.526192]  panic+0x238/0x4e7
[   36.529377]  ? add_taint.cold.5+0x16/0x16
[   36.533518]  ? preempt_schedule+0x4d/0x60
[   36.537720]  ? ___preempt_schedule+0x16/0x18
[   36.542180]  ? trace_hardirqs_on+0xb4/0x310
[   36.546498]  kasan_end_report+0x47/0x4f
[   36.550495]  kasan_report.cold.9+0x76/0x309
[   36.554848]  ? memcmp+0xe3/0x160
[   36.558211]  __asan_report_load1_noabort+0x14/0x20
[   36.563124]  memcmp+0xe3/0x160
[   36.566301]  strnstr+0x4b/0x70
[   36.569479]  __aa_lookupn_ns+0xc1/0x570
[   36.573440]  ? aa_find_ns+0x30/0x30
[   36.577050]  ? lock_acquire+0x1ed/0x520
[   36.581012]  ? __aa_lookupn_ns+0x570/0x570
[   36.585231]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.590754]  ? check_preemption_disabled+0x48/0x200
[   36.595761]  ? kasan_check_read+0x11/0x20
[   36.599900]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   36.605165]  ? print_usage_bug+0xc0/0xc0
[   36.609232]  ? rcu_bh_qs+0xc0/0xc0
[   36.612765]  ? print_usage_bug+0xc0/0xc0
[   36.616811]  aa_lookupn_ns+0x88/0x1e0
[   36.620602]  aa_fqlookupn_profile+0x1b9/0x1010
[   36.625171]  ? aa_lookup_profile+0x30/0x30
[   36.629398]  ? __lock_acquire+0x7ec/0x4ec0
[   36.633674]  ? noop_count+0x40/0x40
[   36.637295]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.642820]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   36.648257]  ? refcount_add_not_zero_checked+0x330/0x330
[   36.653698]  ? mark_held_locks+0x130/0x130
[   36.657917]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.663574]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   36.669103]  fqlookupn_profile+0x80/0xc0
[   36.673151]  aa_label_strn_parse+0xa3a/0x1230
[   36.677630]  ? aa_label_printk+0x850/0x850
[   36.681849]  ? do_raw_spin_unlock+0xa7/0x2f0
[   36.686243]  ? graph_lock+0x170/0x170
[   36.690033]  ? lockdep_on+0x50/0x50
[   36.693650]  ? graph_lock+0x170/0x170
[   36.697445]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.703011]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   36.708457]  ? refcount_add_not_zero_checked+0x330/0x330
[   36.713976]  ? graph_lock+0x170/0x170
[   36.717768]  ? find_held_lock+0x36/0x1c0
[   36.721818]  aa_label_parse+0x42/0x50
[   36.725609]  aa_change_profile+0x513/0x3510
[   36.729920]  ? lock_acquire+0x1ed/0x520
[   36.733980]  ? aa_change_hat+0x1a20/0x1a20
[   36.738212]  ? is_bpf_text_address+0xd3/0x170
[   36.742695]  ? __mutex_lock+0x85e/0x1700
[   36.746788]  ? proc_pid_attr_write+0x28a/0x540
[   36.751370]  ? mutex_trylock+0x2b0/0x2b0
[   36.755413]  ? save_stack+0xa9/0xd0
[   36.759027]  ? save_stack+0x43/0xd0
[   36.762636]  ? kasan_kmalloc+0xc7/0xe0
[   36.766508]  ? __kmalloc_track_caller+0x14a/0x750
[   36.771346]  ? memdup_user+0x2c/0xa0
[   36.775075]  ? proc_pid_attr_write+0x198/0x540
[   36.779651]  ? graph_lock+0x170/0x170
[   36.783448]  ? __ia32_sys_write+0x71/0xb0
[   36.787586]  ? graph_lock+0x170/0x170
[   36.791490]  ? mark_held_locks+0x130/0x130
[   36.795715]  apparmor_setprocattr+0xaa4/0x1150
[   36.800285]  ? apparmor_task_kill+0xcb0/0xcb0
[   36.804776]  ? lock_downgrade+0x900/0x900
[   36.808924]  ? arch_local_save_flags+0x40/0x40
[   36.813512]  security_setprocattr+0x66/0xc0
[   36.817822]  proc_pid_attr_write+0x301/0x540
[   36.822217]  __vfs_write+0x119/0x9f0
[   36.826095]  ? check_preemption_disabled+0x48/0x200
[   36.831098]  ? proc_loginuid_write+0x4f0/0x4f0
[   36.835666]  ? kernel_read+0x120/0x120
[   36.839540]  ? __lock_is_held+0xb5/0x140
[   36.843590]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.848591]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.854113]  ? __sb_start_write+0x1b2/0x370
[   36.858432]  vfs_write+0x1fc/0x560
[   36.861963]  ksys_write+0x101/0x260
[   36.865576]  ? __ia32_sys_read+0xb0/0xb0
[   36.869624]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   36.875142]  __ia32_sys_write+0x71/0xb0
[   36.879113]  do_fast_syscall_32+0x34d/0xfb2
[   36.883480]  ? do_int80_syscall_32+0x890/0x890
[   36.888110]  ? entry_SYSENTER_compat+0x68/0x7f
[   36.892683]  ? trace_hardirqs_off_caller+0xbb/0x310
[   36.897688]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.902584]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.907416]  ? trace_hardirqs_on_caller+0x310/0x310
[   36.912520]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   36.917524]  ? prepare_exit_to_usermode+0x291/0x3b0
[   36.922618]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.927458]  entry_SYSENTER_compat+0x70/0x7f
[   36.931900] RIP: 0023:0xf7f9fca9
[   36.935266] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   36.954162] RSP: 002b:00000000ffd1b0ec EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[   36.961859] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000040
[   36.969119] RDX: 0000000000000009 RSI: 00000000ffd1b234 RDI: 00000000ffd1b23c
[   36.976376] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   36.983725] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   36.990988] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   36.999158] Kernel Offset: disabled
[   37.002782] Rebooting in 86400 seconds..