INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.71' (ECDSA) to the list of known hosts. executing program executing program executing program syzkaller login: [ 37.186985] audit: type=1400 audit(1537811646.030:2): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5569 comm="syz-executor859" [ 37.217542] audit: type=1400 audit(1537811646.060:3): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5570 comm="syz-executor859" executing program executing program [ 37.248596] audit: type=1400 audit(1537811646.090:4): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5571 comm="syz-executor859" [ 37.279219] audit: type=1400 audit(1537811646.120:5): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5572 comm="syz-executor859" executing program executing program [ 37.309603] audit: type=1400 audit(1537811646.150:6): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5573 comm="syz-executor859" [ 37.340366] audit: type=1400 audit(1537811646.180:7): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5574 comm="syz-executor859" executing program executing program [ 37.370807] audit: type=1400 audit(1537811646.210:8): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5575 comm="syz-executor859" [ 37.401978] audit: type=1400 audit(1537811646.240:9): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5576 comm="syz-executor859" executing program executing program executing program executing program [ 37.432556] audit: type=1400 audit(1537811646.270:10): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5577 comm="syz-executor859" [ 37.462862] audit: type=1400 audit(1537811646.300:11): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name="&&" pid=5578 comm="syz-executor859" executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 37.665862] ================================================================== [ 37.673355] BUG: KASAN: stack-out-of-bounds in memcmp+0xe3/0x160 [ 37.679486] Read of size 1 at addr ffff8801be8a7400 by task syz-executor859/5592 [ 37.687004] [ 37.688645] CPU: 1 PID: 5592 Comm: syz-executor859 Not tainted 4.19.0-rc5-next-20180924+ #78 [ 37.697206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.706544] Call Trace: [ 37.709121] dump_stack+0x1d3/0x2c4 [ 37.712756] ? dump_stack_print_info.cold.2+0x52/0x52 [ 37.717932] ? printk+0xa7/0xcf [ 37.721200] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 37.725951] print_address_description.cold.8+0x9/0x1ff [ 37.731346] kasan_report.cold.9+0x242/0x309 [ 37.735743] ? memcmp+0xe3/0x160 [ 37.739099] __asan_report_load1_noabort+0x14/0x20 [ 37.744017] memcmp+0xe3/0x160 [ 37.747206] strnstr+0x4b/0x70 [ 37.750395] __aa_lookupn_ns+0xc1/0x570 [ 37.754367] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.759897] ? aa_find_ns+0x30/0x30 [ 37.763516] ? lock_acquire+0x1ed/0x520 [ 37.767478] ? __aa_lookupn_ns+0x570/0x570 [ 37.771714] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.777282] ? check_preemption_disabled+0x48/0x200 [ 37.782302] ? kasan_check_read+0x11/0x20 [ 37.786438] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 37.791710] ? rcu_softirq_qs+0x20/0x20 [ 37.795683] ? print_usage_bug+0xc0/0xc0 [ 37.799736] aa_lookupn_ns+0x88/0x1e0 [ 37.803542] aa_fqlookupn_profile+0x1b9/0x1010 [ 37.808110] ? lru_cache_add_file+0x20/0x20 [ 37.812421] ? aa_lookup_profile+0x30/0x30 [ 37.816654] ? __lock_acquire+0x7ec/0x4ec0 [ 37.820887] ? noop_count+0x40/0x40 [ 37.824503] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.830031] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 37.835485] ? refcount_add_not_zero_checked+0x330/0x330 [ 37.840946] ? mark_held_locks+0x130/0x130 [ 37.845182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.850714] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 37.856282] fqlookupn_profile+0x80/0xc0 [ 37.860359] aa_label_strn_parse+0xa3a/0x1230 [ 37.864845] ? aa_label_printk+0x850/0x850 [ 37.869081] ? lockdep_on+0x50/0x50 [ 37.872718] ? graph_lock+0x170/0x170 [ 37.876511] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 37.882038] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 37.887475] ? refcount_add_not_zero_checked+0x330/0x330 [ 37.892911] ? graph_lock+0x170/0x170 [ 37.896700] ? find_held_lock+0x36/0x1c0 [ 37.900765] aa_label_parse+0x42/0x50 [ 37.904791] aa_change_profile+0x513/0x3510 [ 37.909104] ? lock_acquire+0x1ed/0x520 [ 37.913088] ? aa_change_hat+0x1a20/0x1a20 [ 37.917320] ? is_bpf_text_address+0xd3/0x170 [ 37.921808] ? __mutex_lock+0x85e/0x1700 [ 37.925856] ? proc_pid_attr_write+0x28a/0x540 [ 37.930426] ? mutex_trylock+0x2b0/0x2b0 [ 37.934475] ? save_stack+0xa9/0xd0 [ 37.938091] ? save_stack+0x43/0xd0 [ 37.941701] ? kasan_kmalloc+0xc7/0xe0 [ 37.945632] ? __kmalloc_track_caller+0x14a/0x750 [ 37.950461] ? memdup_user+0x2c/0xa0 [ 37.954163] ? proc_pid_attr_write+0x198/0x540 [ 37.958748] ? graph_lock+0x170/0x170 [ 37.962534] ? __x64_sys_write+0x73/0xb0 [ 37.966581] ? graph_lock+0x170/0x170 [ 37.970368] ? mark_held_locks+0x130/0x130 [ 37.974594] apparmor_setprocattr+0xab7/0x1180 [ 37.979167] ? apparmor_task_kill+0xcb0/0xcb0 [ 37.983652] ? lock_downgrade+0x900/0x900 [ 37.987814] ? ttwu_stat+0x5c0/0x5c0 [ 37.991540] security_setprocattr+0x66/0xc0 [ 37.995852] proc_pid_attr_write+0x301/0x540 [ 38.000255] __vfs_write+0x119/0x9f0 [ 38.003958] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.009495] ? proc_loginuid_write+0x4f0/0x4f0 [ 38.014078] ? kernel_read+0x120/0x120 [ 38.017953] ? __lock_is_held+0xb5/0x140 [ 38.022007] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.027025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.032548] ? __sb_start_write+0x1b2/0x370 [ 38.036857] vfs_write+0x1fc/0x560 [ 38.040386] ksys_write+0x101/0x260 [ 38.043997] ? __ia32_sys_read+0xb0/0xb0 [ 38.048059] ? trace_hardirqs_off_caller+0x300/0x300 [ 38.053148] __x64_sys_write+0x73/0xb0 [ 38.057073] do_syscall_64+0x1b9/0x820 [ 38.060966] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.066351] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.071284] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.076112] ? trace_hardirqs_off+0x310/0x310 [ 38.080592] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.085597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.091123] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.096128] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.100959] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.106134] RIP: 0033:0x440d49 [ 38.109310] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 38.128205] RSP: 002b:00007ffc88b57448 EFLAGS: 00000213 ORIG_RAX: 0000000000000001 [ 38.135923] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49 [ 38.143191] RDX: 0000000000000009 RSI: 0000000020000100 RDI: 0000000000000003 [ 38.150444] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8 [ 38.157714] R10: 0000000002259880 R11: 0000000000000213 R12: 00000000000092fa [ 38.164985] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000 [ 38.172267] [ 38.173892] The buggy address belongs to the page: [ 38.178822] page:ffffea0006fa29c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 38.186961] flags: 0x2fffc0000000000() [ 38.190833] raw: 02fffc0000000000 0000000000000000 ffffffff06fa0101 0000000000000000 [ 38.198698] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 38.206554] page dumped because: kasan: bad access detected [ 38.212279] [ 38.213889] Memory state around the buggy address: [ 38.218799] ffff8801be8a7300: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.226139] ffff8801be8a7380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 38.233481] >ffff8801be8a7400: f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 [ 38.240834] ^ [ 38.244196] ffff8801be8a7480: f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 [ 38.251537] ffff8801be8a7500: f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 [ 38.258875] ================================================================== [ 38.266230] Disabling lock debugging due to kernel taint [ 38.272213] Kernel panic - not syncing: panic_on_warn set ... [ 38.272213] [ 38.279616] CPU: 1 PID: 5592 Comm: syz-executor859 Tainted: G B 4.19.0-rc5-next-20180924+ #78 [ 38.289593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.298933] Call Trace: [ 38.301502] dump_stack+0x1d3/0x2c4 [ 38.305128] ? dump_stack_print_info.cold.2+0x52/0x52 [ 38.310304] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 38.315065] panic+0x238/0x4e7 [ 38.318254] ? add_taint.cold.5+0x16/0x16 [ 38.322417] ? preempt_schedule+0x4d/0x60 [ 38.326548] ? ___preempt_schedule+0x16/0x18 [ 38.330940] ? trace_hardirqs_on+0xb4/0x310 [ 38.335272] kasan_end_report+0x47/0x4f [ 38.339233] kasan_report.cold.9+0x76/0x309 [ 38.343547] ? memcmp+0xe3/0x160 [ 38.346901] __asan_report_load1_noabort+0x14/0x20 [ 38.351811] memcmp+0xe3/0x160 [ 38.355038] strnstr+0x4b/0x70 [ 38.358215] __aa_lookupn_ns+0xc1/0x570 [ 38.362177] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.367716] ? aa_find_ns+0x30/0x30 [ 38.371329] ? lock_acquire+0x1ed/0x520 [ 38.375296] ? __aa_lookupn_ns+0x570/0x570 [ 38.379521] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.385047] ? check_preemption_disabled+0x48/0x200 [ 38.390058] ? kasan_check_read+0x11/0x20 [ 38.394217] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 38.399484] ? rcu_softirq_qs+0x20/0x20 [ 38.403443] ? print_usage_bug+0xc0/0xc0 [ 38.407488] aa_lookupn_ns+0x88/0x1e0 [ 38.411293] aa_fqlookupn_profile+0x1b9/0x1010 [ 38.415868] ? lru_cache_add_file+0x20/0x20 [ 38.420173] ? aa_lookup_profile+0x30/0x30 [ 38.424391] ? __lock_acquire+0x7ec/0x4ec0 [ 38.428610] ? noop_count+0x40/0x40 [ 38.432221] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.437768] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 38.443209] ? refcount_add_not_zero_checked+0x330/0x330 [ 38.448642] ? mark_held_locks+0x130/0x130 [ 38.452864] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.458402] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 38.463939] fqlookupn_profile+0x80/0xc0 [ 38.467987] aa_label_strn_parse+0xa3a/0x1230 [ 38.472498] ? aa_label_printk+0x850/0x850 [ 38.476724] ? lockdep_on+0x50/0x50 [ 38.480333] ? graph_lock+0x170/0x170 [ 38.484118] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.489656] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 38.495092] ? refcount_add_not_zero_checked+0x330/0x330 [ 38.500529] ? graph_lock+0x170/0x170 [ 38.504313] ? find_held_lock+0x36/0x1c0 [ 38.508361] aa_label_parse+0x42/0x50 [ 38.512147] aa_change_profile+0x513/0x3510 [ 38.516454] ? lock_acquire+0x1ed/0x520 [ 38.520415] ? aa_change_hat+0x1a20/0x1a20 [ 38.524634] ? is_bpf_text_address+0xd3/0x170 [ 38.529135] ? __mutex_lock+0x85e/0x1700 [ 38.533185] ? proc_pid_attr_write+0x28a/0x540 [ 38.537762] ? mutex_trylock+0x2b0/0x2b0 [ 38.541815] ? save_stack+0xa9/0xd0 [ 38.545427] ? save_stack+0x43/0xd0 [ 38.549036] ? kasan_kmalloc+0xc7/0xe0 [ 38.552904] ? __kmalloc_track_caller+0x14a/0x750 [ 38.557730] ? memdup_user+0x2c/0xa0 [ 38.561429] ? proc_pid_attr_write+0x198/0x540 [ 38.566060] ? graph_lock+0x170/0x170 [ 38.569862] ? __x64_sys_write+0x73/0xb0 [ 38.573924] ? graph_lock+0x170/0x170 [ 38.577724] ? mark_held_locks+0x130/0x130 [ 38.581944] apparmor_setprocattr+0xab7/0x1180 [ 38.586514] ? apparmor_task_kill+0xcb0/0xcb0 [ 38.590995] ? lock_downgrade+0x900/0x900 [ 38.595195] ? ttwu_stat+0x5c0/0x5c0 [ 38.598902] security_setprocattr+0x66/0xc0 [ 38.603210] proc_pid_attr_write+0x301/0x540 [ 38.607603] __vfs_write+0x119/0x9f0 [ 38.611302] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.616824] ? proc_loginuid_write+0x4f0/0x4f0 [ 38.621396] ? kernel_read+0x120/0x120 [ 38.625297] ? __lock_is_held+0xb5/0x140 [ 38.629345] ? rcu_read_lock_sched_held+0x108/0x120 [ 38.634345] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.639883] ? __sb_start_write+0x1b2/0x370 [ 38.644189] vfs_write+0x1fc/0x560 [ 38.647711] ksys_write+0x101/0x260 [ 38.651324] ? __ia32_sys_read+0xb0/0xb0 [ 38.655377] ? trace_hardirqs_off_caller+0x300/0x300 [ 38.660463] __x64_sys_write+0x73/0xb0 [ 38.664358] do_syscall_64+0x1b9/0x820 [ 38.668230] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 38.673612] ? syscall_return_slowpath+0x5e0/0x5e0 [ 38.678533] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.683367] ? trace_hardirqs_off+0x310/0x310 [ 38.687848] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 38.692866] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 38.698388] ? prepare_exit_to_usermode+0x291/0x3b0 [ 38.703389] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.708218] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.713394] RIP: 0033:0x440d49 [ 38.716572] Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 38.735454] RSP: 002b:00007ffc88b57448 EFLAGS: 00000213 ORIG_RAX: 0000000000000001 [ 38.743144] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d49 [ 38.750411] RDX: 0000000000000009 RSI: 0000000020000100 RDI: 0000000000000003 [ 38.757665] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8 [ 38.764932] R10: 0000000002259880 R11: 0000000000000213 R12: 00000000000092fa [ 38.772195] R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000 [ 38.780748] Kernel Offset: disabled [ 38.784374] Rebooting in 86400 seconds..