[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   25.512275] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   26.679163] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   27.109083] random: sshd: uninitialized urandom read (32 bytes read)
[   27.708515] random: sshd: uninitialized urandom read (32 bytes read)
[   27.930932] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts.
[   33.494819] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   33.624023] ==================================================================
[   33.631511] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7ad/0x880
[   33.638876] Read of size 4 at addr ffff8801d7ad1754 by task syz-executor526/5339
[   33.646395] 
[   33.648013] CPU: 0 PID: 5339 Comm: syz-executor526 Not tainted 4.19.0-rc2+ #227
[   33.655444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.664789] Call Trace:
[   33.667406]  dump_stack+0x1c4/0x2b4
[   33.671026]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.676205]  ? printk+0xa7/0xcf
[   33.679477]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   33.684232]  print_address_description.cold.8+0x9/0x1ff
[   33.689585]  kasan_report.cold.9+0x242/0x309
[   33.693988]  ? fscache_alloc_cookie+0x7ad/0x880
[   33.698644]  __asan_report_load4_noabort+0x14/0x20
[   33.703575]  fscache_alloc_cookie+0x7ad/0x880
[   33.708084]  ? fscache_cookie_init_once+0x80/0x80
[   33.712923]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   33.718019]  ? __kmalloc_track_caller+0x14a/0x750
[   33.722880]  ? kstrdup+0x39/0x70
[   33.726246]  ? nfs_alloc_client+0x383/0x760
[   33.730555]  ? nfs_get_client+0x8e8/0x14d0
[   33.734779]  ? nfs_init_server+0x357/0x1010
[   33.739147]  ? nfs_create_server+0x86/0x5f0
[   33.743460]  ? nfs_fs_mount+0x17f8/0x2f1c
[   33.747597]  ? mount_fs+0xae/0x31d
[   33.751121]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   33.755864]  ? do_mount+0x581/0x31f0
[   33.759563]  ? ksys_mount+0x12d/0x140
[   33.763349]  ? __x64_sys_mount+0xbe/0x150
[   33.767497]  ? do_syscall_64+0x1b9/0x820
[   33.771579]  __fscache_acquire_cookie+0x230/0xb60
[   33.776416]  ? fscache_cookie_put+0x880/0x880
[   33.780908]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.786436]  ? check_preemption_disabled+0x48/0x200
[   33.791445]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   33.796986]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   33.802269]  ? rcu_pm_notify+0xc0/0xc0
[   33.806145]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.811672]  nfs_fscache_get_client_cookie+0x463/0x600
[   33.816948]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   33.822888]  nfs_alloc_client+0x563/0x760
[   33.822909]  ? register_nfs_version+0x280/0x280
[   33.822928]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.822962]  nfs_get_client+0x8e8/0x14d0
[   33.822979]  ? kmem_cache_alloc_trace+0x152/0x750
[   33.845428]  ? mount_fs+0xae/0x31d
[   33.849002]  ? nfs_put_client+0x30/0x30
[   33.852980]  ? nfs_alloc_server+0x5ca/0x730
[   33.857289]  ? depot_save_stack+0x292/0x470
[   33.861601]  ? nfs_wait_client_init_complete+0x210/0x210
[   33.867042]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.872596]  ? check_preemption_disabled+0x48/0x200
[   33.877597]  ? check_preemption_disabled+0x48/0x200
[   33.882600]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   33.887778]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   33.892803]  nfs_init_server+0x357/0x1010
[   33.896941]  ? nfs_clone_server+0x920/0x920
[   33.901267]  ? nfs_alloc_fattr+0x48/0x1d0
[   33.905407]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.910424]  nfs_create_server+0x86/0x5f0
[   33.914580]  nfs_try_mount+0x180/0xa80
[   33.918463]  ? lock_downgrade+0x900/0x900
[   33.922600]  ? nfs_request_mount.constprop.18+0x920/0x920
[   33.928141]  ? kasan_check_read+0x11/0x20
[   33.932332]  ? do_raw_spin_unlock+0xa7/0x2f0
[   33.936730]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.941309]  ? kasan_check_write+0x14/0x20
[   33.945546]  ? do_raw_spin_lock+0xc1/0x200
[   33.949770]  ? _raw_spin_unlock+0x2c/0x50
[   33.953907]  ? find_nfs_version+0x138/0x190
[   33.958252]  nfs_fs_mount+0x17f8/0x2f1c
[   33.962218]  ? nfs_show_options+0x250/0x250
[   33.966544]  ? nfs_clone_super+0x420/0x420
[   33.970772]  ? nfs_parse_mount_options+0x2660/0x2660
[   33.975867]  ? lock_downgrade+0x900/0x900
[   33.980012]  mount_fs+0xae/0x31d
[   33.983392]  vfs_kern_mount.part.35+0xdc/0x4f0
[   33.987967]  ? may_umount+0xb0/0xb0
[   33.991580]  ? _raw_read_unlock+0x2c/0x50
[   33.995746]  ? __get_fs_type+0x97/0xc0
[   33.999624]  do_mount+0x581/0x31f0
[   34.003156]  ? copy_mount_string+0x40/0x40
[   34.007387]  ? copy_mount_options+0x5f/0x380
[   34.011793]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.016865]  ? kmem_cache_alloc_trace+0x353/0x750
[   34.021703]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.027229]  ? _copy_from_user+0xdf/0x150
[   34.031386]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.036913]  ? copy_mount_options+0x288/0x380
[   34.041400]  ksys_mount+0x12d/0x140
[   34.045043]  __x64_sys_mount+0xbe/0x150
[   34.049010]  do_syscall_64+0x1b9/0x820
[   34.052907]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.058269]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.063198]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.068032]  ? trace_hardirqs_on_caller+0x310/0x310
[   34.073038]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.078044]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.083569]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.088574]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.093408]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.098585] RIP: 0033:0x440129
[   34.101788] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   34.120730] RSP: 002b:00007fff162ae7d8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   34.128443] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440129
[   34.135697] RDX: 000000002015bffc RSI: 0000000020343ff8 RDI: 0000000020000080
[   34.142952] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000
[   34.150223] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019b0
[   34.157522] R13: 0000000000401a40 R14: 0000000000000000 R15: 0000000000000000
[   34.164797] 
[   34.166412] Allocated by task 5339:
[   34.170064]  save_stack+0x43/0xd0
[   34.173501]  kasan_kmalloc+0xc7/0xe0
[   34.177202]  __kmalloc+0x14e/0x760
[   34.180730]  fscache_alloc_cookie+0x6f7/0x880
[   34.185210]  __fscache_acquire_cookie+0x230/0xb60
[   34.190044]  nfs_fscache_get_client_cookie+0x463/0x600
[   34.195309]  nfs_alloc_client+0x563/0x760
[   34.199442]  nfs_get_client+0x8e8/0x14d0
[   34.203491]  nfs_init_server+0x357/0x1010
[   34.207622]  nfs_create_server+0x86/0x5f0
[   34.211760]  nfs_try_mount+0x180/0xa80
[   34.215644]  nfs_fs_mount+0x17f8/0x2f1c
[   34.219622]  mount_fs+0xae/0x31d
[   34.222979]  vfs_kern_mount.part.35+0xdc/0x4f0
[   34.227545]  do_mount+0x581/0x31f0
[   34.231118]  ksys_mount+0x12d/0x140
[   34.234730]  __x64_sys_mount+0xbe/0x150
[   34.238714]  do_syscall_64+0x1b9/0x820
[   34.242590]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.247758] 
[   34.249366] Freed by task 1:
[   34.252378]  save_stack+0x43/0xd0
[   34.255817]  __kasan_slab_free+0x102/0x150
[   34.260033]  kasan_slab_free+0xe/0x10
[   34.263819]  kfree+0xcf/0x230
[   34.266917]  acpi_ns_get_node_unlocked+0x2b9/0x309
[   34.271863]  acpi_ns_get_node+0x4d/0x6b
[   34.275829]  acpi_ns_evaluate+0xf3/0x9bc
[   34.279887]  acpi_ut_evaluate_object+0x12b/0x425
[   34.284646]  acpi_ut_execute_power_methods+0xf1/0x22a
[   34.289837]  acpi_get_object_info+0x670/0xd1b
[   34.294328]  acpi_init_device_object+0x12a0/0x1e20
[   34.299242]  acpi_add_single_object+0x1d2/0x1ed0
[   34.303987]  acpi_bus_check_add+0x5e0/0xb10
[   34.308293]  acpi_ns_walk_namespace+0x224/0x400
[   34.312945]  acpi_walk_namespace+0xf2/0x12c
[   34.317252]  acpi_bus_scan+0x146/0x170
[   34.321128]  acpi_scan_init+0x403/0x8fe
[   34.325114]  acpi_init+0x941/0xa19
[   34.328645]  do_one_initcall+0x145/0x957
[   34.332692]  kernel_init_freeable+0x4bb/0x5ae
[   34.337174]  kernel_init+0x11/0x1b2
[   34.340784]  ret_from_fork+0x3a/0x50
[   34.344477] 
[   34.346091] The buggy address belongs to the object at ffff8801d7ad1740
[   34.346091]  which belongs to the cache kmalloc-32 of size 32
[   34.358558] The buggy address is located 20 bytes inside of
[   34.358558]  32-byte region [ffff8801d7ad1740, ffff8801d7ad1760)
[   34.370241] The buggy address belongs to the page:
[   34.375157] page:ffffea00075eb440 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801d7ad1fc1
[   34.384588] flags: 0x2fffc0000000100(slab)
[   34.388809] raw: 02fffc0000000100 ffffea00075eb1c8 ffff8801da801238 ffff8801da8001c0
[   34.396678] raw: ffff8801d7ad1fc1 ffff8801d7ad1000 000000010000002d 0000000000000000
[   34.404537] page dumped because: kasan: bad access detected
[   34.410230] 
[   34.411860] Memory state around the buggy address:
[   34.416789]  ffff8801d7ad1600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   34.424133]  ffff8801d7ad1680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   34.431477] >ffff8801d7ad1700: fb fb fb fb fc fc fc fc 00 00 06 fc fc fc fc fc
[   34.438819]                                                  ^
[   34.444776]  ffff8801d7ad1780: 01 fc fc fc fc fc fc fc 01 fc fc fc fc fc fc fc
[   34.452139]  ffff8801d7ad1800: 01 fc fc fc fc fc fc fc 01 fc fc fc fc fc fc fc
[   34.459493] ==================================================================
[   34.466854] Disabling lock debugging due to kernel taint
[   34.472804] Kernel panic - not syncing: panic_on_warn set ...
[   34.472804] 
[   34.480200] CPU: 0 PID: 5339 Comm: syz-executor526 Tainted: G    B             4.19.0-rc2+ #227
[   34.489047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.498383] Call Trace:
[   34.500955]  dump_stack+0x1c4/0x2b4
[   34.504569]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.509754]  panic+0x238/0x4e7
[   34.512930]  ? add_taint.cold.5+0x16/0x16
[   34.517065]  ? preempt_schedule+0x4d/0x60
[   34.521217]  ? ___preempt_schedule+0x16/0x18
[   34.525611]  ? trace_hardirqs_on+0xb4/0x310
[   34.529922]  kasan_end_report+0x47/0x4f
[   34.533887]  kasan_report.cold.9+0x76/0x309
[   34.538197]  ? fscache_alloc_cookie+0x7ad/0x880
[   34.542856]  __asan_report_load4_noabort+0x14/0x20
[   34.547778]  fscache_alloc_cookie+0x7ad/0x880
[   34.552260]  ? fscache_cookie_init_once+0x80/0x80
[   34.557090]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   34.562178]  ? __kmalloc_track_caller+0x14a/0x750
[   34.567023]  ? kstrdup+0x39/0x70
[   34.570394]  ? nfs_alloc_client+0x383/0x760
[   34.574704]  ? nfs_get_client+0x8e8/0x14d0
[   34.578923]  ? nfs_init_server+0x357/0x1010
[   34.583227]  ? nfs_create_server+0x86/0x5f0
[   34.587537]  ? nfs_fs_mount+0x17f8/0x2f1c
[   34.591683]  ? mount_fs+0xae/0x31d
[   34.595228]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   34.599967]  ? do_mount+0x581/0x31f0
[   34.603664]  ? ksys_mount+0x12d/0x140
[   34.607446]  ? __x64_sys_mount+0xbe/0x150
[   34.611580]  ? do_syscall_64+0x1b9/0x820
[   34.615644]  __fscache_acquire_cookie+0x230/0xb60
[   34.620475]  ? fscache_cookie_put+0x880/0x880
[   34.624961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.630489]  ? check_preemption_disabled+0x48/0x200
[   34.635510]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   34.641031]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   34.646295]  ? rcu_pm_notify+0xc0/0xc0
[   34.650197]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.655744]  nfs_fscache_get_client_cookie+0x463/0x600
[   34.661010]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   34.666888]  nfs_alloc_client+0x563/0x760
[   34.671021]  ? register_nfs_version+0x280/0x280
[   34.675677]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.680248]  nfs_get_client+0x8e8/0x14d0
[   34.684311]  ? kmem_cache_alloc_trace+0x152/0x750
[   34.689140]  ? mount_fs+0xae/0x31d
[   34.692675]  ? nfs_put_client+0x30/0x30
[   34.696645]  ? nfs_alloc_server+0x5ca/0x730
[   34.700951]  ? depot_save_stack+0x292/0x470
[   34.705257]  ? nfs_wait_client_init_complete+0x210/0x210
[   34.710692]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.716212]  ? check_preemption_disabled+0x48/0x200
[   34.721208]  ? check_preemption_disabled+0x48/0x200
[   34.726209]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   34.731403]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   34.736408]  nfs_init_server+0x357/0x1010
[   34.740578]  ? nfs_clone_server+0x920/0x920
[   34.744909]  ? nfs_alloc_fattr+0x48/0x1d0
[   34.749042]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.754065]  nfs_create_server+0x86/0x5f0
[   34.758203]  nfs_try_mount+0x180/0xa80
[   34.762112]  ? lock_downgrade+0x900/0x900
[   34.766273]  ? nfs_request_mount.constprop.18+0x920/0x920
[   34.771815]  ? kasan_check_read+0x11/0x20
[   34.775964]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.780359]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.784934]  ? kasan_check_write+0x14/0x20
[   34.789155]  ? do_raw_spin_lock+0xc1/0x200
[   34.793400]  ? _raw_spin_unlock+0x2c/0x50
[   34.797539]  ? find_nfs_version+0x138/0x190
[   34.801857]  nfs_fs_mount+0x17f8/0x2f1c
[   34.805821]  ? nfs_show_options+0x250/0x250
[   34.810133]  ? nfs_clone_super+0x420/0x420
[   34.820953]  ? nfs_parse_mount_options+0x2660/0x2660
[   34.826050]  ? lock_downgrade+0x900/0x900
[   34.830184]  mount_fs+0xae/0x31d
[   34.833540]  vfs_kern_mount.part.35+0xdc/0x4f0
[   34.838107]  ? may_umount+0xb0/0xb0
[   34.842006]  ? _raw_read_unlock+0x2c/0x50
[   34.846160]  ? __get_fs_type+0x97/0xc0
[   34.850037]  do_mount+0x581/0x31f0
[   34.853579]  ? copy_mount_string+0x40/0x40
[   34.857806]  ? copy_mount_options+0x5f/0x380
[   34.862218]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.867218]  ? kmem_cache_alloc_trace+0x353/0x750
[   34.872049]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.877570]  ? _copy_from_user+0xdf/0x150
[   34.881720]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.887242]  ? copy_mount_options+0x288/0x380
[   34.891722]  ksys_mount+0x12d/0x140
[   34.895368]  __x64_sys_mount+0xbe/0x150
[   34.899398]  do_syscall_64+0x1b9/0x820
[   34.903284]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.908634]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.913551]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.918381]  ? trace_hardirqs_on_caller+0x310/0x310
[   34.923383]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.928400]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.933922]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.938932]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.943789]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.948965] RIP: 0033:0x440129
[   34.952148] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   34.971052] RSP: 002b:00007fff162ae7d8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   34.978748] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440129
[   34.986018] RDX: 000000002015bffc RSI: 0000000020343ff8 RDI: 0000000020000080
[   34.993273] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000
[   35.000526] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019b0
[   35.007781] R13: 0000000000401a40 R14: 0000000000000000 R15: 0000000000000000
[   35.015360] Dumping ftrace buffer:
[   35.018895]    (ftrace buffer empty)
[   35.023227] Kernel Offset: disabled
[   35.026858] Rebooting in 86400 seconds..