Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts.
[ 43.972345] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 44.101432] ==================================================================
[ 44.108899] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7ad/0x880
[ 44.116358] Read of size 4 at addr ffff8801d78c21d4 by task syz-executor943/5332
[ 44.123878]
[ 44.125492] CPU: 0 PID: 5332 Comm: syz-executor943 Not tainted 4.19.0-rc2+ #133
[ 44.132920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.142260] Call Trace:
[ 44.144840] dump_stack+0x1c4/0x2b4
[ 44.148464] ? dump_stack_print_info.cold.2+0x52/0x52
[ 44.153644] ? printk+0xa7/0xcf
[ 44.156913] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 44.161661] print_address_description.cold.8+0x9/0x1ff
[ 44.167075] kasan_report.cold.9+0x242/0x309
[ 44.171477] ? fscache_alloc_cookie+0x7ad/0x880
[ 44.176135] __asan_report_load4_noabort+0x14/0x20
[ 44.181053] fscache_alloc_cookie+0x7ad/0x880
[ 44.185540] ? fscache_cookie_init_once+0x80/0x80
[ 44.190375] ? rpcauth_cache_shrink_scan+0x180/0x180
[ 44.195467] ? __kmalloc_track_caller+0x14a/0x750
[ 44.200296] ? kstrdup+0x39/0x70
[ 44.203655] ? nfs_alloc_client+0x383/0x760
[ 44.207967] ? nfs_get_client+0x8e8/0x14d0
[ 44.212190] ? nfs_init_server+0x357/0x1010
[ 44.216497] ? nfs_create_server+0x86/0x5f0
[ 44.220816] ? nfs_fs_mount+0x17f8/0x2f1c
[ 44.224957] ? mount_fs+0xae/0x31d
[ 44.228492] ? vfs_kern_mount.part.35+0xdc/0x4f0
[ 44.233235] ? do_mount+0x581/0x31f0
[ 44.236938] ? __ia32_compat_sys_mount+0x5d5/0x860
[ 44.241896] ? do_fast_syscall_32+0x34d/0xfb2
[ 44.246477] ? entry_SYSENTER_compat+0x70/0x7f
[ 44.251052] __fscache_acquire_cookie+0x230/0xb60
[ 44.255932] ? fscache_cookie_put+0x880/0x880
[ 44.260431] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 44.265959] ? check_preemption_disabled+0x48/0x200
[ 44.271010] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[ 44.276542] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 44.281806] ? rcu_pm_notify+0xc0/0xc0
[ 44.285681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 44.291218] nfs_fscache_get_client_cookie+0x463/0x600
[ 44.296491] ? nfs_readpage_from_fscache_complete+0x200/0x200
[ 44.302382] nfs_alloc_client+0x563/0x760
[ 44.306519] ? register_nfs_version+0x280/0x280
[ 44.311180] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 44.315765] nfs_get_client+0x8e8/0x14d0
[ 44.319879] ? kmem_cache_alloc_trace+0x152/0x750
[ 44.324719] ? mount_fs+0xae/0x31d
[ 44.328253] ? __lockdep_init_map+0x105/0x590
[ 44.332744] ? nfs_put_client+0x30/0x30
[ 44.336705] ? nfs_alloc_server+0x5ca/0x730
[ 44.341013] ? depot_save_stack+0x292/0x470
[ 44.345334] ? nfs_wait_client_init_complete+0x210/0x210
[ 44.350780] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 44.356314] ? check_preemption_disabled+0x48/0x200
[ 44.361333] ? check_preemption_disabled+0x48/0x200
[ 44.366340] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 44.371545] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 44.376553] nfs_init_server+0x357/0x1010
[ 44.380739] ? nfs_clone_server+0x920/0x920
[ 44.385070] ? nfs_alloc_fattr+0x48/0x1d0
[ 44.389219] ? rcu_read_lock_sched_held+0x108/0x120
[ 44.394235] nfs_create_server+0x86/0x5f0
[ 44.398377] nfs_try_mount+0x180/0xa80
[ 44.402259] ? lock_downgrade+0x900/0x900
[ 44.406446] ? nfs_request_mount.constprop.18+0x920/0x920
[ 44.411988] ? kasan_check_read+0x11/0x20
[ 44.416126] ? do_raw_spin_unlock+0xa7/0x2f0
[ 44.420525] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 44.425102] ? kasan_check_write+0x14/0x20
[ 44.429341] ? do_raw_spin_lock+0xc1/0x200
[ 44.433564] ? _raw_spin_unlock+0x2c/0x50
[ 44.437743] ? find_nfs_version+0x138/0x190
[ 44.442063] nfs_fs_mount+0x17f8/0x2f1c
[ 44.446028] ? nfs_show_options+0x250/0x250
[ 44.450344] ? nfs_clone_super+0x420/0x420
[ 44.454563] ? nfs_parse_mount_options+0x2660/0x2660
[ 44.459653] ? lock_downgrade+0x900/0x900
[ 44.463789] mount_fs+0xae/0x31d
[ 44.467145] vfs_kern_mount.part.35+0xdc/0x4f0
[ 44.471719] ? may_umount+0xb0/0xb0
[ 44.475335] ? _raw_read_unlock+0x2c/0x50
[ 44.479481] ? __get_fs_type+0x97/0xc0
[ 44.483370] do_mount+0x581/0x31f0
[ 44.486911] ? copy_mount_string+0x40/0x40
[ 44.491146] ? copy_mount_options+0x5f/0x380
[ 44.495585] ? rcu_read_lock_sched_held+0x108/0x120
[ 44.500596] ? kmem_cache_alloc_trace+0x353/0x750
[ 44.505432] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 44.510960] ? _copy_from_user+0xdf/0x150
[ 44.515103] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 44.520684] ? copy_mount_options+0x288/0x380
[ 44.525179] __ia32_compat_sys_mount+0x5d5/0x860
[ 44.529931] do_fast_syscall_32+0x34d/0xfb2
[ 44.534284] ? do_int80_syscall_32+0x890/0x890
[ 44.538884] ? entry_SYSENTER_compat+0x68/0x7f
[ 44.543582] ? trace_hardirqs_off_caller+0xbb/0x310
[ 44.548589] ? syscall_return_slowpath+0x5e0/0x5e0
[ 44.553509] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.558343] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.563173] ? trace_hardirqs_on_caller+0x310/0x310
[ 44.568175] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 44.573182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 44.578706] ? prepare_exit_to_usermode+0x291/0x3b0
[ 44.583718] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.588553] entry_SYSENTER_compat+0x70/0x7f
[ 44.592949] RIP: 0023:0xf7fe7ca9
[ 44.596312] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 44.615199] RSP: 002b:00000000ff89697c EFLAGS: 00000286 ORIG_RAX: 0000000000000015
[ 44.622898] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000020343ff8
[ 44.630156] RDX: 000000002015bffc RSI: 0000000000000000 RDI: 000000002000a000
[ 44.637411] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 44.644667] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 44.651926] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 44.659190]
[ 44.660805] Allocated by task 5332:
[ 44.664416] save_stack+0x43/0xd0
[ 44.667853] kasan_kmalloc+0xc7/0xe0
[ 44.671554] __kmalloc+0x14e/0x760
[ 44.675085] fscache_alloc_cookie+0x6f7/0x880
[ 44.679639] __fscache_acquire_cookie+0x230/0xb60
[ 44.684479] nfs_fscache_get_client_cookie+0x463/0x600
[ 44.689740] nfs_alloc_client+0x563/0x760
[ 44.693872] nfs_get_client+0x8e8/0x14d0
[ 44.697925] nfs_init_server+0x357/0x1010
[ 44.702063] nfs_create_server+0x86/0x5f0
[ 44.706194] nfs_try_mount+0x180/0xa80
[ 44.710092] nfs_fs_mount+0x17f8/0x2f1c
[ 44.714056] mount_fs+0xae/0x31d
[ 44.717426] vfs_kern_mount.part.35+0xdc/0x4f0
[ 44.722036] do_mount+0x581/0x31f0
[ 44.725571] __ia32_compat_sys_mount+0x5d5/0x860
[ 44.730359] do_fast_syscall_32+0x34d/0xfb2
[ 44.734674] entry_SYSENTER_compat+0x70/0x7f
[ 44.739070]
[ 44.740692] Freed by task 1:
[ 44.743696] save_stack+0x43/0xd0
[ 44.747131] __kasan_slab_free+0x102/0x150
[ 44.751348] kasan_slab_free+0xe/0x10
[ 44.755140] kfree+0xcf/0x230
[ 44.758233] acpi_ns_get_node_unlocked+0x2b9/0x309
[ 44.763150] acpi_ns_get_node+0x4d/0x6b
[ 44.767124] acpi_ns_evaluate+0xf3/0x9bc
[ 44.771186] acpi_ut_evaluate_object+0x12b/0x425
[ 44.775929] acpi_ut_execute_CLS+0x133/0x5d3
[ 44.780333] acpi_get_object_info+0x4fb/0xd1b
[ 44.784812] acpi_init_device_object+0x12a0/0x1e20
[ 44.789724] acpi_add_single_object+0x1d2/0x1ed0
[ 44.794463] acpi_bus_check_add+0x5e0/0xb10
[ 44.798771] acpi_ns_walk_namespace+0x224/0x400
[ 44.803444] acpi_walk_namespace+0xf2/0x12c
[ 44.807747] acpi_bus_scan+0x146/0x170
[ 44.811624] acpi_scan_init+0x403/0x8fe
[ 44.815586] acpi_init+0x941/0xa19
[ 44.819120] do_one_initcall+0x145/0x957
[ 44.823212] kernel_init_freeable+0x4bb/0x5ae
[ 44.827698] kernel_init+0x11/0x1b2
[ 44.831319] ret_from_fork+0x3a/0x50
[ 44.835017]
[ 44.836633] The buggy address belongs to the object at ffff8801d78c21c0
[ 44.836633] which belongs to the cache kmalloc-32 of size 32
[ 44.849103] The buggy address is located 20 bytes inside of
[ 44.849103] 32-byte region [ffff8801d78c21c0, ffff8801d78c21e0)
[ 44.860786] The buggy address belongs to the page:
[ 44.865709] page:ffffea00075e3080 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801d78c2fc1
[ 44.875152] flags: 0x2fffc0000000100(slab)
[ 44.879378] raw: 02fffc0000000100 ffffea00075ec8c8 ffff8801da801238 ffff8801da8001c0
[ 44.887245] raw: ffff8801d78c2fc1 ffff8801d78c2000 0000000100000013 0000000000000000
[ 44.895108] page dumped because: kasan: bad access detected
[ 44.900800]
[ 44.902409] Memory state around the buggy address:
[ 44.907323]  ffff8801d78c2080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 44.914726]  ffff8801d78c2100: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 44.922074] >ffff8801d78c2180: fb fb fb fb fc fc fc fc 00 00 06 fc fc fc fc fc
[ 44.929412]                                                   ^
[ 44.935372]  ffff8801d78c2200: 01 fc fc fc fc fc fc fc 01 fc fc fc fc fc fc fc
[ 44.942717]  ffff8801d78c2280: 01 fc fc fc fc fc fc fc 01 fc fc fc fc fc fc fc
[ 44.950060] ==================================================================
[ 44.957401] Disabling lock debugging due to kernel taint
[ 44.963510] Kernel panic - not syncing: panic_on_warn set ...
[ 44.963510]
[ 44.970898] CPU: 0 PID: 5332 Comm: syz-executor943 Tainted: G B 4.19.0-rc2+ #133
[ 44.979731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.989067] Call Trace:
[ 44.991641] dump_stack+0x1c4/0x2b4
[ 44.995251] ? dump_stack_print_info.cold.2+0x52/0x52
[ 45.000429] panic+0x238/0x4e7
[ 45.003606] ? add_taint.cold.5+0x16/0x16
[ 45.007743] ? preempt_schedule+0x4d/0x60
[ 45.011878] ? ___preempt_schedule+0x16/0x18
[ 45.016347] ? trace_hardirqs_on+0xb4/0x310
[ 45.020663] kasan_end_report+0x47/0x4f
[ 45.024625] kasan_report.cold.9+0x76/0x309
[ 45.028936] ? fscache_alloc_cookie+0x7ad/0x880
[ 45.033591] __asan_report_load4_noabort+0x14/0x20
[ 45.038504] fscache_alloc_cookie+0x7ad/0x880
[ 45.043044] ? fscache_cookie_init_once+0x80/0x80
[ 45.047884] ? rpcauth_cache_shrink_scan+0x180/0x180
[ 45.052980] ? __kmalloc_track_caller+0x14a/0x750
[ 45.057809] ? kstrdup+0x39/0x70
[ 45.061164] ? nfs_alloc_client+0x383/0x760
[ 45.065470] ? nfs_get_client+0x8e8/0x14d0
[ 45.069689] ? nfs_init_server+0x357/0x1010
[ 45.073993] ? nfs_create_server+0x86/0x5f0
[ 45.078303] ? nfs_fs_mount+0x17f8/0x2f1c
[ 45.082443] ? mount_fs+0xae/0x31d
[ 45.085966] ? vfs_kern_mount.part.35+0xdc/0x4f0
[ 45.090705] ? do_mount+0x581/0x31f0
[ 45.094404] ? __ia32_compat_sys_mount+0x5d5/0x860
[ 45.099324] ? do_fast_syscall_32+0x34d/0xfb2
[ 45.103806] ? entry_SYSENTER_compat+0x70/0x7f
[ 45.108378] __fscache_acquire_cookie+0x230/0xb60
[ 45.113209] ? fscache_cookie_put+0x880/0x880
[ 45.117689] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 45.123213] ? check_preemption_disabled+0x48/0x200
[ 45.128215] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[ 45.133740] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 45.139002] ? rcu_pm_notify+0xc0/0xc0
[ 45.142876] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 45.148401] nfs_fscache_get_client_cookie+0x463/0x600
[ 45.153662] ? nfs_readpage_from_fscache_complete+0x200/0x200
[ 45.159538] nfs_alloc_client+0x563/0x760
[ 45.163671] ? register_nfs_version+0x280/0x280
[ 45.168328] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 45.172904] nfs_get_client+0x8e8/0x14d0
[ 45.176964] ? kmem_cache_alloc_trace+0x152/0x750
[ 45.181806] ? mount_fs+0xae/0x31d
[ 45.185339] ? __lockdep_init_map+0x105/0x590
[ 45.189824] ? nfs_put_client+0x30/0x30
[ 45.193862] ? nfs_alloc_server+0x5ca/0x730
[ 45.198171] ? depot_save_stack+0x292/0x470
[ 45.202476] ? nfs_wait_client_init_complete+0x210/0x210
[ 45.207914] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 45.213440] ? check_preemption_disabled+0x48/0x200
[ 45.218440] ? check_preemption_disabled+0x48/0x200
[ 45.223444] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 45.228618] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 45.233619] nfs_init_server+0x357/0x1010
[ 45.237751] ? nfs_clone_server+0x920/0x920
[ 45.242103] ? nfs_alloc_fattr+0x48/0x1d0
[ 45.246242] ? rcu_read_lock_sched_held+0x108/0x120
[ 45.251249] nfs_create_server+0x86/0x5f0
[ 45.255384] nfs_try_mount+0x180/0xa80
[ 45.259261] ? lock_downgrade+0x900/0x900
[ 45.263403] ? nfs_request_mount.constprop.18+0x920/0x920
[ 45.268938] ? kasan_check_read+0x11/0x20
[ 45.273079] ? do_raw_spin_unlock+0xa7/0x2f0
[ 45.277479] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 45.282088] ? kasan_check_write+0x14/0x20
[ 45.286318] ? do_raw_spin_lock+0xc1/0x200
[ 45.290541] ? _raw_spin_unlock+0x2c/0x50
[ 45.294736] ? find_nfs_version+0x138/0x190
[ 45.299056] nfs_fs_mount+0x17f8/0x2f1c
[ 45.303018] ? nfs_show_options+0x250/0x250
[ 45.307328] ? nfs_clone_super+0x420/0x420
[ 45.311554] ? nfs_parse_mount_options+0x2660/0x2660
[ 45.316642] ? lock_downgrade+0x900/0x900
[ 45.320780] mount_fs+0xae/0x31d
[ 45.324133] vfs_kern_mount.part.35+0xdc/0x4f0
[ 45.328708] ? may_umount+0xb0/0xb0
[ 45.332326] ? _raw_read_unlock+0x2c/0x50
[ 45.336459] ? __get_fs_type+0x97/0xc0
[ 45.340338] do_mount+0x581/0x31f0
[ 45.343862] ? copy_mount_string+0x40/0x40
[ 45.348082] ? copy_mount_options+0x5f/0x380
[ 45.352474] ? rcu_read_lock_sched_held+0x108/0x120
[ 45.357475] ? kmem_cache_alloc_trace+0x353/0x750
[ 45.362301] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 45.367825] ? _copy_from_user+0xdf/0x150
[ 45.371959] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 45.377477] ? copy_mount_options+0x288/0x380
[ 45.382002] __ia32_compat_sys_mount+0x5d5/0x860
[ 45.386753] do_fast_syscall_32+0x34d/0xfb2
[ 45.391063] ? do_int80_syscall_32+0x890/0x890
[ 45.395674] ? entry_SYSENTER_compat+0x68/0x7f
[ 45.400293] ? trace_hardirqs_off_caller+0xbb/0x310
[ 45.405322] ? syscall_return_slowpath+0x5e0/0x5e0
[ 45.410237] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.415062] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.419948] ? trace_hardirqs_on_caller+0x310/0x310
[ 45.424954] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 45.429956] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 45.435481] ? prepare_exit_to_usermode+0x291/0x3b0
[ 45.440485] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.445321] entry_SYSENTER_compat+0x70/0x7f
[ 45.449716] RIP: 0023:0xf7fe7ca9
[ 45.453111] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 45.472004] RSP: 002b:00000000ff89697c EFLAGS: 00000286 ORIG_RAX: 0000000000000015
[ 45.479696] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000020343ff8
[ 45.486946] RDX: 000000002015bffc RSI: 0000000000000000 RDI: 000000002000a000
[ 45.494197] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 45.501453] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 45.508711] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 45.516283] Dumping ftrace buffer:
[ 45.519829] (ftrace buffer empty)
[ 45.524171] Kernel Offset: disabled
[ 45.527796] Rebooting in 86400 seconds..