[....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 24.780007] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.496246] random: sshd: uninitialized urandom read (32 bytes read) [ 26.971210] random: sshd: uninitialized urandom read (32 bytes read) [ 27.625331] random: sshd: uninitialized urandom read (32 bytes read) [ 27.833444] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.109' (ECDSA) to the list of known hosts. [ 33.438906] random: sshd: uninitialized urandom read (32 bytes read) executing program executing program executing program [ 33.562166] audit: type=1400 audit(1537855217.598:2): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5329 comm="syz-executor280" [ 33.589253] audit: type=1400 audit(1537855217.618:3): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5330 comm="syz-executor280" executing program executing program [ 33.615956] audit: type=1400 audit(1537855217.648:4): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5331 comm="syz-executor280" [ 33.646194] audit: type=1400 audit(1537855217.678:5): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5332 comm="syz-executor280" executing program executing program [ 33.673869] audit: type=1400 audit(1537855217.708:6): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5334 comm="syz-executor280" [ 33.701505] audit: type=1400 audit(1537855217.738:7): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5335 comm="syz-executor280"
executing program executing program [ 33.729553] audit: type=1400 audit(1537855217.758:8): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5336 comm="syz-executor280" [ 33.756813] audit: type=1400 audit(1537855217.788:9): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5337 comm="syz-executor280" executing program executing program executing program executing program executing program [ 33.784136] audit: type=1400 audit(1537855217.818:10): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5338 comm="syz-executor280" [ 33.811297] audit: type=1400 audit(1537855217.848:11): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5339 comm="syz-executor280" executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 34.010651] ================================================================== [ 34.018117] BUG: KASAN: stack-out-of-bounds in memcmp+0xe3/0x160 [ 34.024269] Read of size 1 at addr ffff8801d968f400 by task syz-executor280/5357 [ 34.031784] [ 34.033411] CPU: 0 PID: 5357 Comm: syz-executor280 Not tainted 4.19.0-rc5+ #252 [ 34.040839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.050179] Call Trace: [ 34.052761] dump_stack+0x1c4/0x2b4 [ 34.056389] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.061587] ? printk+0xa7/0xcf [ 34.064885] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 34.069658] print_address_description.cold.8+0x9/0x1ff [ 34.075016] kasan_report.cold.9+0x242/0x309 [ 34.079421] ? 
memcmp+0xe3/0x160 [ 34.082783] __asan_report_load1_noabort+0x14/0x20 [ 34.087699] memcmp+0xe3/0x160 [ 34.090880] strnstr+0x4b/0x70 [ 34.094064] __aa_lookupn_ns+0xc1/0x570 [ 34.098029] ? aa_find_ns+0x30/0x30 [ 34.101647] ? lock_acquire+0x1ed/0x520 [ 34.105609] ? __aa_lookupn_ns+0x570/0x570 [ 34.109845] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.115370] ? check_preemption_disabled+0x48/0x200 [ 34.120390] ? kasan_check_read+0x11/0x20 [ 34.124547] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 34.129817] ? rcu_bh_qs+0xc0/0xc0 [ 34.133349] ? print_usage_bug+0xc0/0xc0 [ 34.137413] aa_lookupn_ns+0x88/0x1e0 [ 34.141215] aa_fqlookupn_profile+0x1b9/0x1010 [ 34.145787] ? lru_cache_add+0x417/0xa50 [ 34.149843] ? aa_lookup_profile+0x30/0x30 [ 34.154065] ? __lock_acquire+0x7ec/0x4ec0 [ 34.158287] ? noop_count+0x40/0x40 [ 34.161903] ? rcu_bh_qs+0xc0/0xc0 [ 34.165439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.170998] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 34.176458] ? refcount_add_not_zero_checked+0x330/0x330 [ 34.181898] ? mark_held_locks+0x130/0x130 [ 34.186126] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.191672] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 34.197206] fqlookupn_profile+0x80/0xc0 [ 34.201283] aa_label_strn_parse+0xa3a/0x1230 [ 34.205769] ? aa_label_printk+0x850/0x850 [ 34.209995] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 34.215789] ? kasan_check_read+0x11/0x20 [ 34.219931] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 34.225216] ? rcu_bh_qs+0xc0/0xc0 [ 34.228744] ? rcu_bh_qs+0xc0/0xc0 [ 34.232271] ? unwind_dump+0x190/0x190 [ 34.236152] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.241680] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 34.247132] ? refcount_add_not_zero_checked+0x330/0x330 [ 34.252583] ? unwind_get_return_address+0x61/0xa0 [ 34.257514] ? __save_stack_trace+0x8d/0xf0 [ 34.261827] aa_label_parse+0x42/0x50 [ 34.265619] aa_change_profile+0x513/0x3510 [ 34.269929] ? save_stack+0x43/0xd0 [ 34.273544] ? 
kasan_kmalloc+0xc7/0xe0 [ 34.277437] ? apparmor_setprocattr+0x2ab/0x1150 [ 34.282206] ? __vfs_write+0x119/0x9f0 [ 34.286099] ? ksys_write+0x1e1/0x260 [ 34.289887] ? do_syscall_64+0x1b9/0x820 [ 34.293937] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.299321] ? aa_change_hat+0x1a20/0x1a20 [ 34.303569] ? find_held_lock+0x36/0x1c0 [ 34.307641] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.313167] ? check_preemption_disabled+0x48/0x200 [ 34.318168] ? check_preemption_disabled+0x48/0x200 [ 34.323191] ? __lock_is_held+0xb5/0x140 [ 34.327249] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.332254] ? __kmalloc+0x5de/0x760 [ 34.335961] ? graph_lock+0x170/0x170 [ 34.339767] ? mark_held_locks+0x130/0x130 [ 34.344011] apparmor_setprocattr+0xa8b/0x1150 [ 34.348588] ? apparmor_task_kill+0xcb0/0xcb0 [ 34.353071] ? lock_downgrade+0x900/0x900 [ 34.357229] ? arch_local_save_flags+0x40/0x40 [ 34.361815] security_setprocattr+0x66/0xc0 [ 34.366128] proc_pid_attr_write+0x301/0x540 [ 34.370530] __vfs_write+0x119/0x9f0 [ 34.374231] ? check_preemption_disabled+0x48/0x200 [ 34.379236] ? proc_loginuid_write+0x4f0/0x4f0 [ 34.383816] ? kernel_read+0x120/0x120 [ 34.387697] ? __lock_is_held+0xb5/0x140 [ 34.391754] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.396759] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.402284] ? __sb_start_write+0x1b2/0x370 [ 34.406596] vfs_write+0x1fc/0x560 [ 34.410126] ksys_write+0x101/0x260 [ 34.413753] ? __ia32_sys_read+0xb0/0xb0 [ 34.417818] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 34.423257] __x64_sys_write+0x73/0xb0 [ 34.427145] do_syscall_64+0x1b9/0x820 [ 34.431025] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 34.436379] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.441304] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.446154] ? trace_hardirqs_on_caller+0x310/0x310 [ 34.451162] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 34.456178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.461707] ? prepare_exit_to_usermode+0x291/0x3b0 [ 34.466713] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 34.471563] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.476748] RIP: 0033:0x440d49 [ 34.479926] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 34.498822] RSP: 002b:00007fffdc098aa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000001 [ 34.506530] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49 [ 34.513793] RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003 [ 34.521073] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8 [ 34.528349] R10: 00000000013ec880 R11: 0000000000000213 R12: 00000000000084c0 [ 34.535607] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000 [ 34.542871] [ 34.544480] The buggy address belongs to the page: [ 34.549393] page:ffffea000765a3c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 34.557532] flags: 0x2fffc0000000000() [ 34.561417] raw: 02fffc0000000000 0000000000000000 ffffffff07650101 0000000000000000 [ 34.569296] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 34.577175] page dumped because: kasan: bad access detected [ 34.582866] [ 34.584477] Memory state around the buggy address: [ 34.589389] ffff8801d968f300: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.596740] ffff8801d968f380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 34.604084] >ffff8801d968f400: f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 [ 34.611458] ^ [ 34.614829] ffff8801d968f480: f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 [ 34.622188] ffff8801d968f500: f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 [ 34.629531] ================================================================== [ 34.636886] Disabling lock debugging due to kernel taint [ 34.642759] Kernel panic - not syncing: panic_on_warn set ... 
[ 34.642759] [ 34.650146] CPU: 0 PID: 5357 Comm: syz-executor280 Tainted: G B 4.19.0-rc5+ #252 [ 34.658970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.668308] Call Trace: [ 34.670883] dump_stack+0x1c4/0x2b4 [ 34.674513] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.679691] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 34.684435] panic+0x238/0x4e7 [ 34.687617] ? add_taint.cold.5+0x16/0x16 [ 34.691752] ? preempt_schedule+0x4d/0x60 [ 34.695885] ? ___preempt_schedule+0x16/0x18 [ 34.700284] ? trace_hardirqs_on+0xb4/0x310 [ 34.704595] kasan_end_report+0x47/0x4f [ 34.708554] kasan_report.cold.9+0x76/0x309 [ 34.712889] ? memcmp+0xe3/0x160 [ 34.716243] __asan_report_load1_noabort+0x14/0x20 [ 34.721158] memcmp+0xe3/0x160 [ 34.724336] strnstr+0x4b/0x70 [ 34.727555] __aa_lookupn_ns+0xc1/0x570 [ 34.731526] ? aa_find_ns+0x30/0x30 [ 34.735138] ? lock_acquire+0x1ed/0x520 [ 34.739131] ? __aa_lookupn_ns+0x570/0x570 [ 34.743354] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.748903] ? check_preemption_disabled+0x48/0x200 [ 34.753921] ? kasan_check_read+0x11/0x20 [ 34.758068] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 34.763331] ? rcu_bh_qs+0xc0/0xc0 [ 34.766860] ? print_usage_bug+0xc0/0xc0 [ 34.770914] aa_lookupn_ns+0x88/0x1e0 [ 34.774703] aa_fqlookupn_profile+0x1b9/0x1010 [ 34.779267] ? lru_cache_add+0x417/0xa50 [ 34.783316] ? aa_lookup_profile+0x30/0x30 [ 34.787553] ? __lock_acquire+0x7ec/0x4ec0 [ 34.791773] ? noop_count+0x40/0x40 [ 34.795387] ? rcu_bh_qs+0xc0/0xc0 [ 34.798922] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.804444] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 34.809888] ? refcount_add_not_zero_checked+0x330/0x330 [ 34.815323] ? mark_held_locks+0x130/0x130 [ 34.819546] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.825068] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 34.830599] fqlookupn_profile+0x80/0xc0 [ 34.834649] aa_label_strn_parse+0xa3a/0x1230 [ 34.839130] ? aa_label_printk+0x850/0x850 [ 34.843354] ? 
rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 34.849134] ? kasan_check_read+0x11/0x20 [ 34.853269] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 34.858539] ? rcu_bh_qs+0xc0/0xc0 [ 34.862099] ? rcu_bh_qs+0xc0/0xc0 [ 34.865625] ? unwind_dump+0x190/0x190 [ 34.869516] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.875070] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 34.880513] ? refcount_add_not_zero_checked+0x330/0x330 [ 34.885963] ? unwind_get_return_address+0x61/0xa0 [ 34.890884] ? __save_stack_trace+0x8d/0xf0 [ 34.895191] aa_label_parse+0x42/0x50 [ 34.898980] aa_change_profile+0x513/0x3510 [ 34.903287] ? save_stack+0x43/0xd0 [ 34.906899] ? kasan_kmalloc+0xc7/0xe0 [ 34.910774] ? apparmor_setprocattr+0x2ab/0x1150 [ 34.915517] ? __vfs_write+0x119/0x9f0 [ 34.919408] ? ksys_write+0x1e1/0x260 [ 34.923196] ? do_syscall_64+0x1b9/0x820 [ 34.927255] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.932605] ? aa_change_hat+0x1a20/0x1a20 [ 34.936824] ? find_held_lock+0x36/0x1c0 [ 34.940891] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.946418] ? check_preemption_disabled+0x48/0x200 [ 34.951424] ? check_preemption_disabled+0x48/0x200 [ 34.956435] ? __lock_is_held+0xb5/0x140 [ 34.960503] ? rcu_read_lock_sched_held+0x108/0x120 [ 34.965510] ? __kmalloc+0x5de/0x760 [ 34.969208] ? graph_lock+0x170/0x170 [ 34.973006] ? mark_held_locks+0x130/0x130 [ 34.977242] apparmor_setprocattr+0xa8b/0x1150 [ 34.981811] ? apparmor_task_kill+0xcb0/0xcb0 [ 34.986293] ? lock_downgrade+0x900/0x900 [ 34.990436] ? arch_local_save_flags+0x40/0x40 [ 34.995015] security_setprocattr+0x66/0xc0 [ 34.999324] proc_pid_attr_write+0x301/0x540 [ 35.003722] __vfs_write+0x119/0x9f0 [ 35.007430] ? check_preemption_disabled+0x48/0x200 [ 35.012436] ? proc_loginuid_write+0x4f0/0x4f0 [ 35.017008] ? kernel_read+0x120/0x120 [ 35.020918] ? __lock_is_held+0xb5/0x140 [ 35.024968] ? rcu_read_lock_sched_held+0x108/0x120 [ 35.029973] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.035495] ? 
__sb_start_write+0x1b2/0x370 [ 35.039804] vfs_write+0x1fc/0x560 [ 35.043330] ksys_write+0x101/0x260 [ 35.046941] ? __ia32_sys_read+0xb0/0xb0 [ 35.050992] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 35.056432] __x64_sys_write+0x73/0xb0 [ 35.060312] do_syscall_64+0x1b9/0x820 [ 35.064203] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.069552] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.074484] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.079312] ? trace_hardirqs_on_caller+0x310/0x310 [ 35.084321] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 35.089330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 35.094868] ? prepare_exit_to_usermode+0x291/0x3b0 [ 35.099871] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.104700] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.109874] RIP: 0033:0x440d49 [ 35.113052] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 35.131939] RSP: 002b:00007fffdc098aa8 EFLAGS: 00000213 ORIG_RAX: 0000000000000001 [ 35.139638] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49 [ 35.146891] RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003 [ 35.154142] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8 [ 35.161416] R10: 00000000013ec880 R11: 0000000000000213 R12: 00000000000084c0 [ 35.168671] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000 [ 35.176823] Kernel Offset: disabled [ 35.180470] Rebooting in 86400 seconds..