[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   24.758397] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   25.663560] random: sshd: uninitialized urandom read (32 bytes read)

[   26.046896] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.649162] random: sshd: uninitialized urandom read (32 bytes read)
[   26.877557] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts.
[   32.437700] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   32.560817] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
[   32.592191] audit: type=1400 audit(1537761070.265:2): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5330 comm="syz-executor864"
[   32.619185] audit: type=1400 audit(1537761070.295:3): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5331 comm="syz-executor864"
executing program
[   32.646239] audit: type=1400 audit(1537761070.325:4): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5332 comm="syz-executor864"
[   32.665012] ==================================================================
[   32.672436] BUG: KASAN: stack-out-of-bounds in memcmp+0xe3/0x160
[   32.678562] Read of size 1 at addr ffff8801d8d97400 by task syz-executor864/5333
[   32.686070] 
[   32.687680] CPU: 0 PID: 5333 Comm: syz-executor864 Not tainted 4.19.0-rc5+ #251
[   32.695101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.704432] Call Trace:
[   32.707002]  dump_stack+0x1c4/0x2b4
[   32.710613]  ? dump_stack_print_info.cold.2+0x52/0x52
[   32.715784]  ? printk+0xa7/0xcf
[   32.719046]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   32.723788]  print_address_description.cold.8+0x9/0x1ff
[   32.729135]  kasan_report.cold.9+0x242/0x309
[   32.733522]  ? memcmp+0xe3/0x160
[   32.736871]  __asan_report_load1_noabort+0x14/0x20
[   32.741779]  memcmp+0xe3/0x160
[   32.744952]  strnstr+0x4b/0x70
[   32.748132]  __aa_lookupn_ns+0xc1/0x570
[   32.752091]  ? aa_find_ns+0x30/0x30
[   32.755697]  ? lock_acquire+0x1ed/0x520
[   32.759655]  ? __aa_lookupn_ns+0x570/0x570
[   32.763872]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.769392]  ? check_preemption_disabled+0x48/0x200
[   32.774393]  ? kasan_check_read+0x11/0x20
[   32.778526]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   32.783784]  ? rcu_bh_qs+0xc0/0xc0
[   32.787314]  ? print_usage_bug+0xc0/0xc0
[   32.791372]  aa_lookupn_ns+0x88/0x1e0
[   32.795170]  aa_fqlookupn_profile+0x1b9/0x1010
[   32.799731]  ? lru_cache_add+0x417/0xa50
[   32.803776]  ? aa_lookup_profile+0x30/0x30
[   32.807990]  ? __lock_acquire+0x7ec/0x4ec0
[   32.812204]  ? noop_count+0x40/0x40
[   32.815811]  ? rcu_bh_qs+0xc0/0xc0
[   32.819355]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.824876]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   32.830327]  ? refcount_add_not_zero_checked+0x330/0x330
[   32.835765]  ? mark_held_locks+0x130/0x130
[   32.839983]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.845502]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   32.851024]  fqlookupn_profile+0x80/0xc0
[   32.855067]  aa_label_strn_parse+0xa3a/0x1230
[   32.859547]  ? aa_label_printk+0x850/0x850
[   32.863765]  ? lockdep_on+0x50/0x50
[   32.867394]  ? graph_lock+0x170/0x170
[   32.871192]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   32.876727]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   32.882162]  ? refcount_add_not_zero_checked+0x330/0x330
[   32.887596]  ? graph_lock+0x170/0x170
[   32.891379]  ? find_held_lock+0x36/0x1c0
[   32.895423]  aa_label_parse+0x42/0x50
[   32.899206]  aa_change_profile+0x513/0x3510
[   32.903511]  ? lock_acquire+0x1ed/0x520
[   32.907469]  ? aa_change_hat+0x1a20/0x1a20
[   32.911691]  ? is_bpf_text_address+0xd3/0x170
[   32.916203]  ? __mutex_lock+0x85e/0x1700
[   32.920247]  ? proc_pid_attr_write+0x28a/0x540
[   32.924810]  ? mutex_trylock+0x2b0/0x2b0
[   32.928855]  ? save_stack+0xa9/0xd0
[   32.932460]  ? save_stack+0x43/0xd0
[   32.936063]  ? kasan_kmalloc+0xc7/0xe0
[   32.939947]  ? __kmalloc_track_caller+0x14a/0x750
[   32.944769]  ? memdup_user+0x2c/0xa0
[   32.948476]  ? proc_pid_attr_write+0x198/0x540
[   32.953035]  ? graph_lock+0x170/0x170
[   32.956821]  ? __x64_sys_write+0x73/0xb0
[   32.960882]  ? graph_lock+0x170/0x170
[   32.964662]  ? mark_held_locks+0x130/0x130
[   32.968895]  apparmor_setprocattr+0xaa4/0x1150
[   32.973475]  ? apparmor_task_kill+0xcb0/0xcb0
[   32.977953]  ? lock_downgrade+0x900/0x900
[   32.982086]  ? arch_local_save_flags+0x40/0x40
[   32.986665]  security_setprocattr+0x66/0xc0
[   32.990971]  proc_pid_attr_write+0x301/0x540
[   32.995368]  __vfs_write+0x119/0x9f0
[   32.999063]  ? check_preemption_disabled+0x48/0x200
[   33.004073]  ? proc_loginuid_write+0x4f0/0x4f0
[   33.008639]  ? kernel_read+0x120/0x120
[   33.012514]  ? __lock_is_held+0xb5/0x140
[   33.016565]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.021563]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.027081]  ? __sb_start_write+0x1b2/0x370
[   33.031390]  vfs_write+0x1fc/0x560
[   33.034928]  ksys_write+0x101/0x260
[   33.038554]  ? __ia32_sys_read+0xb0/0xb0
[   33.042602]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   33.048037]  __x64_sys_write+0x73/0xb0
[   33.051910]  do_syscall_64+0x1b9/0x820
[   33.055782]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   33.061139]  ? syscall_return_slowpath+0x5e0/0x5e0
[   33.066049]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.070872]  ? trace_hardirqs_on_caller+0x310/0x310
[   33.075869]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   33.080866]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.086386]  ? prepare_exit_to_usermode+0x291/0x3b0
[   33.091388]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.096216]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.101386] RIP: 0033:0x440f59
[   33.104562] Code: e8 0c ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   33.123443] RSP: 002b:00007ffec0aea4c8 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[   33.131133] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440f59
[   33.138381] RDX: 0000000000000009 RSI: 0000000020000040 RDI: 0000000000000003
[   33.145631] RBP: 0000000000007f5d R08: 0000000000000000 R09: 0000000000000000
[   33.152877] R10: 000000000177b880 R11: 0000000000000213 R12: 0000000000000000
[   33.160172] R13: 0000000000401ef0 R14: 0000000000000000 R15: 0000000000000000
[   33.167430] 
[   33.169035] The buggy address belongs to the page:
[   33.173942] page:ffffea00076365c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   33.182061] flags: 0x2fffc0000000000()
[   33.185930] raw: 02fffc0000000000 0000000000000000 ffffffff07630101 0000000000000000
[   33.193818] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   33.201674] page dumped because: kasan: bad access detected
[   33.207363] 
[   33.208966] Memory state around the buggy address:
[   33.213870]  ffff8801d8d97300: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.221225]  ffff8801d8d97380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   33.228559] >ffff8801d8d97400: f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2
[   33.235891]                    ^
[   33.239236]  ffff8801d8d97480: f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2
[   33.246571]  ffff8801d8d97500: f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00
[   33.253906] ==================================================================
[   33.261238] Disabling lock debugging due to kernel taint
[   33.267491] Kernel panic - not syncing: panic_on_warn set ...
[   33.267491] 
[   33.274862] CPU: 0 PID: 5333 Comm: syz-executor864 Tainted: G    B             4.19.0-rc5+ #251
[   33.283675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.293039] Call Trace:
[   33.295608]  dump_stack+0x1c4/0x2b4
[   33.299218]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.304391]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   33.309131]  panic+0x238/0x4e7
[   33.312322]  ? add_taint.cold.5+0x16/0x16
[   33.316458]  ? preempt_schedule+0x4d/0x60
[   33.320588]  ? ___preempt_schedule+0x16/0x18
[   33.324988]  ? trace_hardirqs_on+0xb4/0x310
[   33.329291]  kasan_end_report+0x47/0x4f
[   33.333266]  kasan_report.cold.9+0x76/0x309
[   33.337581]  ? memcmp+0xe3/0x160
[   33.340940]  __asan_report_load1_noabort+0x14/0x20
[   33.345859]  memcmp+0xe3/0x160
[   33.349033]  strnstr+0x4b/0x70
[   33.352207]  __aa_lookupn_ns+0xc1/0x570
[   33.356165]  ? aa_find_ns+0x30/0x30
[   33.359777]  ? lock_acquire+0x1ed/0x520
[   33.363731]  ? __aa_lookupn_ns+0x570/0x570
[   33.367948]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.373467]  ? check_preemption_disabled+0x48/0x200
[   33.378467]  ? kasan_check_read+0x11/0x20
[   33.382600]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   33.387860]  ? rcu_bh_qs+0xc0/0xc0
[   33.391382]  ? print_usage_bug+0xc0/0xc0
[   33.395430]  aa_lookupn_ns+0x88/0x1e0
[   33.399212]  aa_fqlookupn_profile+0x1b9/0x1010
[   33.403806]  ? lru_cache_add+0x417/0xa50
[   33.407867]  ? aa_lookup_profile+0x30/0x30
[   33.412090]  ? __lock_acquire+0x7ec/0x4ec0
[   33.416343]  ? noop_count+0x40/0x40
[   33.419956]  ? rcu_bh_qs+0xc0/0xc0
[   33.423478]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.428999]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   33.434604]  ? refcount_add_not_zero_checked+0x330/0x330
[   33.440038]  ? mark_held_locks+0x130/0x130
[   33.444256]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.449791]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   33.455318]  fqlookupn_profile+0x80/0xc0
[   33.459368]  aa_label_strn_parse+0xa3a/0x1230
[   33.463852]  ? aa_label_printk+0x850/0x850
[   33.468086]  ? lockdep_on+0x50/0x50
[   33.471694]  ? graph_lock+0x170/0x170
[   33.475477]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.481227]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   33.486670]  ? refcount_add_not_zero_checked+0x330/0x330
[   33.492126]  ? graph_lock+0x170/0x170
[   33.495922]  ? find_held_lock+0x36/0x1c0
[   33.499965]  aa_label_parse+0x42/0x50
[   33.503764]  aa_change_profile+0x513/0x3510
[   33.508071]  ? lock_acquire+0x1ed/0x520
[   33.512027]  ? aa_change_hat+0x1a20/0x1a20
[   33.516251]  ? is_bpf_text_address+0xd3/0x170
[   33.520743]  ? __mutex_lock+0x85e/0x1700
[   33.524800]  ? proc_pid_attr_write+0x28a/0x540
[   33.529366]  ? mutex_trylock+0x2b0/0x2b0
[   33.533406]  ? save_stack+0xa9/0xd0
[   33.537014]  ? save_stack+0x43/0xd0
[   33.540619]  ? kasan_kmalloc+0xc7/0xe0
[   33.544489]  ? __kmalloc_track_caller+0x14a/0x750
[   33.549322]  ? memdup_user+0x2c/0xa0
[   33.553022]  ? proc_pid_attr_write+0x198/0x540
[   33.557584]  ? graph_lock+0x170/0x170
[   33.561366]  ? __x64_sys_write+0x73/0xb0
[   33.565408]  ? graph_lock+0x170/0x170
[   33.569188]  ? mark_held_locks+0x130/0x130
[   33.573406]  apparmor_setprocattr+0xaa4/0x1150
[   33.577970]  ? apparmor_task_kill+0xcb0/0xcb0
[   33.582446]  ? lock_downgrade+0x900/0x900
[   33.586577]  ? arch_local_save_flags+0x40/0x40
[   33.591148]  security_setprocattr+0x66/0xc0
[   33.595453]  proc_pid_attr_write+0x301/0x540
[   33.599845]  __vfs_write+0x119/0x9f0
[   33.603540]  ? check_preemption_disabled+0x48/0x200
[   33.608540]  ? proc_loginuid_write+0x4f0/0x4f0
[   33.613102]  ? kernel_read+0x120/0x120
[   33.616974]  ? __lock_is_held+0xb5/0x140
[   33.621021]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.626017]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.631536]  ? __sb_start_write+0x1b2/0x370
[   33.635859]  vfs_write+0x1fc/0x560
[   33.639383]  ksys_write+0x101/0x260
[   33.642994]  ? __ia32_sys_read+0xb0/0xb0
[   33.647051]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   33.652484]  __x64_sys_write+0x73/0xb0
[   33.656356]  do_syscall_64+0x1b9/0x820
[   33.660226]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   33.665569]  ? syscall_return_slowpath+0x5e0/0x5e0
[   33.670478]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.675312]  ? trace_hardirqs_on_caller+0x310/0x310
[   33.680323]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   33.685331]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.690855]  ? prepare_exit_to_usermode+0x291/0x3b0
[   33.695864]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.700702]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.705874] RIP: 0033:0x440f59
[   33.709054] Code: e8 0c ac 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   33.727941] RSP: 002b:00007ffec0aea4c8 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[   33.735628] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440f59
[   33.742875] RDX: 0000000000000009 RSI: 0000000020000040 RDI: 0000000000000003
[   33.750122] RBP: 0000000000007f5d R08: 0000000000000000 R09: 0000000000000000
[   33.757374] R10: 000000000177b880 R11: 0000000000000213 R12: 0000000000000000
[   33.764624] R13: 0000000000401ef0 R14: 0000000000000000 R15: 0000000000000000
[   33.772744] Kernel Offset: disabled
[   33.776363] Rebooting in 86400 seconds..